Here's the post-WGLC version of the BCP. Thanks to everybody who reviewed the draft and those who participated in the discussion leading to this version.
Quite a few changes from -04:

- More clarity and guidance on session resumption.
- Clarity on TLS 1.2 renegotiation.
- Wording on the 0-RTT feature aligned with RFC 8446.
- SHOULD NOT guidance on static and ephemeral finite field DH cipher suites.
- Revamped the recommended TLS 1.2 cipher suites, removing DHE and adding ECDSA. The latter due to the wide adoption of ECDSA certificates and in line with RFC 8446.
- Recommendation to use deterministic ECDSA.
- Finally deprecated the old TLS 1.2 MTI cipher suite.
- Deeper discussion of ECDH public key reuse issues, and as a result, recommended support of X25519.
- Reworded the section on certificate revocation and OCSP following a long mailing list thread.

The authors believe the draft is ready to move forward. Chairs, please make a call on the next steps.

Thanks,
Peter, Thomas and Yaron

On 2/3/22, 13:25, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote:

A new version of I-D, draft-ietf-uta-rfc7525bis-05.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository.

Name: draft-ietf-uta-rfc7525bis
Revision: 05
Title: Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
Document date: 2022-02-03
Group: uta
Pages: 38
URL: https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
Html: https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-05.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-rfc7525bis-05

Abstract:
Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are widely used to protect data exchanged over application protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the years, the industry has witnessed several serious attacks on TLS and DTLS, including attacks on the most commonly used cipher suites and their modes of operation.

This document provides recommendations for improving the security of deployed services that use TLS and DTLS. The recommendations are applicable to the majority of use cases.

This document was published as RFC 7525 when the industry was in the midst of its transition to TLS 1.2. Years later this transition is largely complete and TLS 1.3 is widely available. Given the new environment, updated guidance is needed.

The IETF Secretariat