Skip to main content

The Secure Sockets Layer (SSL) Protocol Version 3.0
draft-mavrogiannopoulos-ssl-version3-06

Revision differences

Document history

Date Rev. By Action
2012-08-22
06 (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2011-06-16
06 (System) IANA Action state changed to No IC from In Progress
2011-06-16
06 (System) IANA Action state changed to In Progress
2011-06-16
06 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent.
2011-06-15
06 Cindy Morgan IESG state changed to Approved-announcement sent
2011-06-15
06 Cindy Morgan IESG has approved the document
2011-06-15
06 Cindy Morgan Closed "Approve" ballot
2011-06-15
06 Cindy Morgan Approval announcement text regenerated
2011-06-15
06 Cindy Morgan Ballot writeup text changed
2011-06-14
06 Sean Turner Ballot writeup text changed
2011-06-10
06 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2011-06-10
06 (System) Sub state has been changed to AD Follow up from New Id Needed
2011-06-10
06 (System) New version available: draft-mavrogiannopoulos-ssl-version3-06.txt
2011-06-09
06 Cindy Morgan Removed from agenda for telechat
2011-06-09
06 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation.
2011-06-09
06 Sean Turner Ballot writeup text changed
2011-06-09
06 Jari Arkko [Ballot comment]
I agree with Adrian's Discuss.
2011-06-09
06 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded
2011-06-09
06 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2011-06-08
06 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded
2011-06-07
06 Wesley Eddy [Ballot comment]
I support Adrian's DISCUSS
2011-06-07
06 Wesley Eddy [Ballot Position Update] New position, No Objection, has been recorded
2011-06-07
06 Adrian Farrel
[Ballot discuss]
Thank you for taking the trouble to produce this document and for including the Foreword to explain why the document is being published. …
[Ballot discuss]
Thank you for taking the trouble to produce this document and for including the Foreword to explain why the document is being published.

I find that despite the Foreword and the Historic status, the tone of the document tends toward implying that the IETF supports implementation of SSL v3.0. This problem is caused by:

- The Abstract not mentioning Historic or "do not implement"

- The Introduction being copied from the original I-D (which obviously
  intended implementation)

- The document containing a section "Goals of this document" which
  reflect the original aims of the document not the actual aims of the
  RFC.

I don't want to cause a lot of work or heartache, but we need to make it abundantly clear what is going on. Can I make the following suggestions...                                 

1. Abstract

  s/specifies/describes/

2. Add a second short paragraph to the Abstract.

  This document is published as a historical record of the SSL v3.0
  protocol. New implementations of SSL v3.0 are not recommended
  because the protocol has been made obsolete by Transport Layer
  Security (TLS) described in RFC 5246.

3. Remove section 3

  You might salvage some of the text by adding the following to the
  end of the Introduction...

  This document is not intended to supply any details of service
  definition nor interface definition, although it does cover select
  areas of policy as they are required for the maintenance of solid
  security.
2011-06-07
06 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded
2011-06-07
06 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded
2011-06-07
06 Sean Turner State changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup.
2011-06-03
06 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded
2011-06-03
06 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded
2011-06-03
06 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded
2011-06-02
06 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded
2011-06-02
06 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded
2011-06-02
06 Sean Turner [Ballot Position Update] New position, Yes, has been recorded for Sean Turner
2011-06-02
06 Sean Turner Ballot has been issued
2011-06-02
06 Sean Turner Created "Approve" ballot
2011-06-02
06 Sean Turner
2011-06-02
06 Sean Turner Placed on agenda for telechat - 2011-06-09
2011-06-02
06 Sean Turner Status Date has been changed to 2011-06-02 from 2011-05-05
2011-06-02
06 (System) Sub state has been changed to AD Follow up from New Id Needed
2011-06-02
05 (System) New version available: draft-mavrogiannopoulos-ssl-version3-05.txt
2011-06-02
06 Sean Turner Ballot writeup text changed
2011-06-02
06 Sean Turner State changed to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead::AD Followup.
2011-05-19
06 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Dan Harkins.
2011-05-16
06 (System) Sub state has been changed to AD Follow up from New ID Needed
2011-05-16
04 (System) New version available: draft-mavrogiannopoulos-ssl-version3-04.txt
2011-05-11
06 Sean Turner State changed to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead.
2011-05-05
06 Sean Turner
2011-05-05
06 Sean Turner Status Date has been changed to 2011-05-05 from 2011-04-05
2011-05-03
06 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2011-04-12
06 Amanda Baber
IANA notes that this document does not contain a standard IANA
Considerations section. After examining the draft, IANA understands
that, upon approval of this document, …
IANA notes that this document does not contain a standard IANA
Considerations section. After examining the draft, IANA understands
that, upon approval of this document, there are no IANA Actions that
need completion.
2011-04-11
03 (System) New version available: draft-mavrogiannopoulos-ssl-version3-03.txt
2011-04-06
06 Sam Weiler Request for Last Call review by SECDIR is assigned to Dan Harkins
2011-04-06
06 Sam Weiler Request for Last Call review by SECDIR is assigned to Dan Harkins
2011-04-05
06 Amy Vezza Last call sent
2011-04-05
06 Amy Vezza
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce , tls@ietf.org …
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce , tls@ietf.org
Reply-To: ietf@ietf.org
Subject: Last Call:  (The SSL Protocol Version 3.0) to Historic


The IESG has received a request from an individual submitter to consider
the following document:
- 'The SSL Protocol Version 3.0'
  as a Historic

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-05-03. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-mavrogiannopoulos-ssl-version3/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-mavrogiannopoulos-ssl-version3/

2011-04-05
06 Sean Turner Last Call was requested
2011-04-05
06 Sean Turner State changed to Last Call Requested from Publication Requested.
2011-04-05
06 Sean Turner Last Call text changed
2011-04-05
06 (System) Ballot writeup text was added
2011-04-05
06 (System) Last call text was added
2011-04-05
06 (System) Ballot approval text was added
2011-04-05
02 (System) New version available: draft-mavrogiannopoulos-ssl-version3-02.txt
2011-04-05
06 Sean Turner
[Note]: changed to 'Nikos Mavrogiannopoulos (nmav@gnutls.org) is the document shepherd; Please note the person submitting this draft is *NOT* one of the authors; …
[Note]: changed to 'Nikos Mavrogiannopoulos (nmav@gnutls.org) is the document shepherd; Please note the person submitting this draft is *NOT* one of the authors; however we felt it extremely important to retain their names and affiliations on this draft. '
2011-04-05
06 Sean Turner Status Date has been changed to 2011-04-05 from None
2011-04-04
06 Cindy Morgan
  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the
  …
  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the
        document and, in particular, does he or she believe this
        version is ready for forwarding to the IESG for publication?
Nikos Mavrogiannopoulos
Yes and Yes.


  (1.b) Has the document had adequate review both from key WG members
        and from key non-WG members? Does the Document Shepherd have
        any concerns about the depth or breadth of the reviews that
        have been performed? 
No WG is associated with the document. The document has been reviewed
by people in the TLS-WG.


  (1.c) Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective,
        e.g., security, operational complexity, someone familiar with
        AAA, internationalization or XML?
No.

  (1.d) Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of? For example, perhaps he
        or she is uncomfortable with certain parts of the document, or
        has concerns whether there really is a need for it. In any
        event, if the WG has discussed those issues and has indicated
        that it still wishes to advance the document, detail those
        concerns here. Has an IPR disclosure related to this document
        been filed? If so, please include a reference to the
        disclosure and summarize the WG discussion and conclusion on
        this issue.
No.

  (1.e) How solid is the WG consensus behind this document? Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it? 
There is a general agreement that a document describing the latest
version of SSL 3.0 is needed. People from the IETF TLS WG reacted positively
in publishing this document. (http://comments.gmane.org/gmane.ietf.tls/8143)

  (1.f) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in
        separate email messages to the Responsible Area Director. (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)
No.

  (1.g) Has the Document Shepherd personally verified that the
        document satisfies all ID nits? (See the Internet-Drafts Checklist
        and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
        not enough; this check needs to be thorough. Has the document
        met all formal review criteria it needs to, such as the MIB
        Doctor, media type and URI type reviews?
Yes.

  (1.h) Has the document split its references into normative and
        informative? Are there normative references to documents that
        are not ready for advancement or are otherwise in an unclear
        state? If such normative references exist, what is the
        strategy for their completion? Are there normative references
        that are downward references, as described in [RFC3967]? If
        so, list these downward references to support the Area
        Director in the Last Call procedure for them [RFC3967].
Yes. There are no normative references in this document.


  (1.i) Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body
        of the document? If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries? Are the IANA registries clearly identified? If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations? Does it suggest a
        reasonable name for the new registry? See [RFC5226]. If the
        document describes an Expert Review process has Shepherd
        conferred with the Responsible Area Director so that the IESG
        can appoint the needed Expert during the IESG Evaluation?
This is an old document intended to be published as Historic and
the original document was barely changed. Thus no IANA considerations
section was added (there were not any).

  (1.j) Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML
        code, BNF rules, MIB definitions, etc., validate correctly in
        an automated checker?
N/A.

  (1.k) The IESG approval announcement includes a Document
        Announcement Write-Up. Please provide such a Document
        Announcement Write-Up? Recent examples can be found in the
        "Action" announcements for approved documents. The approval
        announcement contains the following sections:

    Technical Summary
        Relevant content can frequently be found in the abstract
        and/or introduction of the document. If not, this may be
        an indication that there are deficiencies in the abstract
        or introduction.

This document specifies Version 3.0 of the Secure Sockets Layer (SSL
V3.0) protocol, a security protocol that provides communications
privacy over the Internet.  The protocol allows client/server
applications to communicate in a way that is designed to prevent
eavesdropping, tampering, or message forgery.


    Working Group Summary
        Was there anything in WG process that is worth noting? For
        example, was there controversy about particular points or
        were there decisions where the consensus was particularly
        rough?
The document was proposed to be published as a TLS WG item, but
the consensus to the discussion was that the WG was not needed
to publish a Historic document.

    Document Quality
        Are there existing implementations of the protocol? Have a
        significant number of vendors indicated their plan to
        implement the specification? Are there any reviewers that
        merit special mention as having done a thorough review,
        e.g., one that resulted in important changes or a
        conclusion that the document had no substantive issues? If
        there was a MIB Doctor, Media Type or other expert review,
        what was its course (briefly)? In the case of a Media Type
        review, on what date was the request posted?

The document describes the SSL 3.0 protocol which is widely
implemented by various vendors.

Personnel

    Who is the Document Shepherd for this document? Who is the Responsible Area Director?

Nikos Mavrogiannopoulos is the Document Shepherd. Sean Turner is the Area Director.

2011-04-04
06 Cindy Morgan Draft added in state Publication Requested
2011-04-04
06 Cindy Morgan
[Note]: 'Nikos Mavrogiannopoulos (nmav@gnutls.org) is the document shepherd.  Please note the person submitting this draft is *NOT* one of the authors; however we …
[Note]: 'Nikos Mavrogiannopoulos (nmav@gnutls.org) is the document shepherd.  Please note the person submitting this draft is *NOT* one of the authors; however we felt it extremely important to retain their names and affiliations on this draft. ' added
2011-02-25
01 (System) New version available: draft-mavrogiannopoulos-ssl-version3-01.txt
2011-02-11
00 (System) New version available: draft-mavrogiannopoulos-ssl-version3-00.txt