Yes, I know the deficiencies list as reported in this document is not exhaustive but it's worth mentionning this one even in a rejected errata. It had a greater impact than the MITM reset, the latter being mentionned.
Le jeu. 11 oct. 2018 à 15:27, RFC Errata System <rfc-edi...@rfc-editor..org> a écrit : > The following errata report has been rejected for RFC6176, > "Prohibiting Secure Sockets Layer (SSL) Version 2.0". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5520 > > -------------------------------------- > Status: Rejected > Type: Editorial > > Reported by: Eugene Adell <eugene.ad...@gmail.com> > Date Reported: 2018-10-11 > Rejected by: EKR (IESG) > > Section: 2 > > Original Text > ------------- > o Sessions can be easily terminated. A man-in-the-middle can easily > insert a TCP FIN to close the session, and the peer is unable to > determine whether or not it was a legitimate end of the session. > > Corrected Text > -------------- > o Sessions can be easily terminated. A man-in-the-middle can easily > insert a TCP FIN to close the session, and the peer is unable to > determine whether or not it was a legitimate end of the session. > > o The root certificate authority keys are overexposed. The server > sends only one certificate signed by a root certificate authority, > which means a frequent use of this authority keys for signing new > certificates. This use can lead to key loss and the compromise of > all certificates previously signed including the root certificate. > > Notes > ----- > Adding a deficiency. > Recent history showed that well-known authorities could loose their keys > and it had a wide impact on security. > SSL 2.0 limits the certificate handshake message to one single > certificate, thus making it impossible to send a certificate chain. > A certificate chain doesn't completely prevent key loss, but it gives more > protection to the root certificate keys which can be stored and hidden > until we need them again, which is much less often than without chaining. > > > > --VERIFIER NOTES-- > This isn't an error in the original document. It's new text you want to > add. > > -------------------------------------- > RFC6176 (draft-ietf-tls-ssl2-must-not-04) > -------------------------------------- > Title : Prohibiting Secure Sockets Layer (SSL) Version 2.0 > Publication Date : March 2011 > Author(s) : S. Turner, T. Polk > Category : PROPOSED STANDARD > Source : Transport Layer Security > Area : Security > Stream : IETF > Verifying Party : IESG >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
