
Deprecating Secure Sockets Layer Version 3.0
draft-ietf-tls-sslv3-diediedie-03

Yes

(Ben Campbell)
(Brian Haberman)
(Joel Jaeggli)
(Kathleen Moriarty)
(Martin Stiemerling)
(Stephen Farrell)

No Objection

(Alia Atlas)
(Alvaro Retana)
(Deborah Brungard)
(Jari Arkko)
(Terry Manderson)

Note: This ballot was opened for revision 02 and is now closed.

Barry Leiba Former IESG member
Yes
Yes (2015-04-07 for -02) Unknown
The abstract says (as it should) that this updates all versions of TLS... yet the metadata only updates 1.2.  For most situations I'd think that appropriate (no need to update the ones that are obsoleted), but in this case the deployment of earlier versions is sufficiently widespread (and, after all, you do have them as normative references) that I think we should add 2246 and 4346 to the "updates" list.  Note, though, that this is not a DISCUSS, so I'll leave it to y'all to decide what's best.

I think prohibiting-rc4 doesn't need to be a normative reference; I'd make it informative.  I think the same is true for RFC 4492.

-- Section 3 --
Pretty short litany, here, really.  I guess it's not the whole megillah.  Jus' sayin'.

Ben Campbell Former IESG member
Yes
Yes (for -02) Unknown

Brian Haberman Former IESG member
Yes
Yes (for -02) Unknown

Joel Jaeggli Former IESG member
Yes
Yes (for -02) Unknown

Kathleen Moriarty Former IESG member
Yes
Yes (for -02) Unknown

Martin Stiemerling Former IESG member
Yes
Yes (for -02) Unknown

Stephen Farrell Former IESG member
Yes
Yes (for -02) Unknown

Alia Atlas Former IESG member
No Objection
No Objection (for -02) Unknown

Alvaro Retana Former IESG member
No Objection
No Objection (for -02) Unknown

Deborah Brungard Former IESG member
No Objection
No Objection (for -02) Unknown

Jari Arkko Former IESG member
No Objection
No Objection (for -02) Unknown

Spencer Dawkins Former IESG member
No Objection
No Objection (2015-04-06 for -02) Unknown
Thank you for writing this. Even the transport dorks know it matters. I wish you had used the word "die" in the draft name more than three times, but you're the experts :-)

I'm not parsing this text the way I think you want me to:

   The predecessor of SSLv3, SSL version 2 [RFC6101], is no longer
   considered secure [RFC6176].  SSLv3 now follows.
   
I'm struggling with "is no longer considered secure" in the present tense, describing an action taken several years ago.

Is the point that negotiating SSLv2 was prohibited in 2011 because SSLv2 was no longer considered secure, and negotiating SSLv3 is now being prohibited in the same way, for the reasons listed in this document?

If so, saying something like that might be clearer ...

Terry Manderson Former IESG member
No Objection
No Objection (for -02) Unknown