Okay, I read draft-ietf-uta-tls-bcp[0] for REAL this time. Sorry about that. Most of my prior comments are addressed, I still have a few.
1) "will very likely obsolete the current document" Suggest it be "will very likely obsolete this document" 2) There are a few attacks on TLS that are omitted. In particular, I would have expected information on securing deploying a configuration that also avoids: - The ECC algorithm confusion attack[1] - Triple Handshake - TLS stripping (And using HSTS to prevent) 3) I think it is worth mentioning that TLS Servers have an asymetric workload with the client, and thus can be subject to computational DoS attacks. 4) I would like to say something about using PKP to mitigate certificate forgeries, but that'll have to be in an update when PKP gets standardized. 5) I would love to say something about section 3.2 and using (if/when it becomes available) the SCSV, but I suppose that doesn't actually help anyone because it's not available now either. 6) In the attacks document, I still think it's a little awkward to mention Lucky 13. I would suggest mentioning explicitly this is an implementation error that has been corrected in up to date libraries. I would also say in BEAST that the flaw was corrected in TLS 1.1. 7) Is it worth mentioning that an operator should not deploy a server that does not meet the TLS spec. In particular, the deployment of servers that are intolerant of long handshake messages, ciphersuites or extensions they don't recognize, or that hang on newer versions of TLS? 8) My opinion is that OCSP information, stapled in the response, is a 'Best Current Practice' for TLS. Again, sorry for my prior confusion. -tom [0] http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-00 [1] https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
