Hi Watson,

On 08/06/2014 06:53 AM, Watson Ladd wrote:
> Dear all,
> We seem to be woefully short on advice dealing with hostname
> validation. This is probably the real world problem that most often
> trips people up, in part because OpenSSL versions prior to 0.9.8 don't
> do it, and many TLS libraries have poor interfaces for it.

I would appreciate proposed text about hostname validation. I suspect
this simply amounts to "please implement the RFC correctly", but if
there's something better we can say, let's do it.

> We're also
> ignoring a discussion of how to avoid being victimized by Triple
> Handshake.

Added in our working copy.

> We're also missing ephemeral key reuse
The TLS WG keeps ignoring the need to standardize this issue (cf. RFC
6989). If you can offer some text that would NOT add normative TLS
behavior but would still be useful, please do so.
> and I think the section of
> draft-ietf-uta-tls-bcp-01 discussing PFS should include (because it
> isn't clear) that the suites with ECDHE or DHE in the name are the
> correct ones, not the ECDH or DH ones.

Sure, done.

Thanks,
	Yaron
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
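As an added illustration of the two points raised in this exchange (hostname validation, and ECDHE/DHE rather than ECDH/DH for forward secrecy), here is example code that is not part of the thread or the draft. It uses Python's standard ssl module on top of OpenSSL; the cipher suite names in the sample list are constructed, and the naming rule is extended to TLS 1.3 suites (TLS_ prefix), which always use ephemeral key exchange.

```python
import ssl

# Constructed sample of OpenSSL-style cipher suite names (not from the thread).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",   # ephemeral ECDH: forward secret
    "DHE-RSA-AES256-GCM-SHA384",     # ephemeral DH: forward secret
    "ECDH-RSA-AES128-SHA",           # static ECDH: NOT forward secret
    "DH-RSA-AES128-SHA",             # static DH: NOT forward secret
    "AES128-GCM-SHA256",             # RSA key transport: NOT forward secret
    "ECDHE-ECDSA-CHACHA20-POLY1305", # ephemeral ECDH: forward secret
]


def provides_forward_secrecy(suite: str) -> bool:
    """Apply the naming rule from the thread: only ECDHE-/DHE- suites use an
    ephemeral key exchange. ECDH-/DH- (static) and RSA key transport do not.
    TLS 1.3 suites (TLS_ prefix) are always (EC)DHE, so they qualify too."""
    return suite.startswith(("ECDHE-", "DHE-", "TLS_"))


def forward_secret_suites(suites):
    """Filter a list of suite names down to the forward-secret ones."""
    return [s for s in suites if provides_forward_secrecy(s)]


def make_client_context() -> ssl.SSLContext:
    """Client context that verifies the chain AND the hostname, and offers only
    ephemeral (EC)DHE suites. The cipher string uses OpenSSL syntax."""
    ctx = ssl.create_default_context()      # loads the platform CA store
    ctx.verify_mode = ssl.CERT_REQUIRED     # chain must validate
    ctx.check_hostname = True               # server name checked against cert
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx


def context_offers_only_pfs(ctx: ssl.SSLContext) -> bool:
    """Check that every suite the context would offer is forward secret."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return bool(names) and all(provides_forward_secrecy(n) for n in names)


if __name__ == "__main__":
    print("forward-secret sample suites:", forward_secret_suites(SAMPLE_SUITES))
    ctx = make_client_context()
    print("hostname check:", ctx.check_hostname, "only PFS:", context_offers_only_pfs(ctx))
```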