Last Call Review of draft-mavrogiannopoulos-ssl-version3-
review-mavrogiannopoulos-ssl-version3-secdir-lc-harkins-2011-05-19-00
| Request | Review of | draft-mavrogiannopoulos-ssl-version3 |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-05-03 | |
| Requested | 2011-04-06 | |
| Authors | Alan O. Freier , Philip Karlton , Paul C. Kocher | |
| I-D last updated | 2011-05-19 | |
| Completed reviews |
Secdir Last Call review of -??
by Dan Harkins
|
|
| Assignment | Reviewer | Dan Harkins |
| State | Completed | |
| Request | Last Call review on draft-mavrogiannopoulos-ssl-version3 by Security Area Directorate Assigned | |
| Completed | 2011-05-19 |
review-mavrogiannopoulos-ssl-version3-secdir-lc-harkins-2011-05-19-00
Hello,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This draft is a formal description of SSL 3.0 which was never formally
published by the IETF. TLS has made it obsolete but having a stable
reference would be valuable, so it's being published as historical.
This is a very well-written draft (I wish more I-Ds were written this
clearly, my own included). It notes, in the Foreward, that no changes
from the original SSL 3.0 document were made except to remove portions
that no longer apply and a few trivial editorial changes. I would like to
suggest some changes that I believe would fall into those buckets as well.
Trivial editorial changes to give normative behavior normative wording:
- section 5.6.1.1 Hello request, "After sending a hello request,
servers SHOULD NOT repeat the request...."
- section 5.6.1.2 Client hello after description of the contents
of the SessionID, "Warning: Servers MUST NOT place confidential
information in session identifiers, and MUST NOT let the contents
of fake session identifiers cause any breach of security."
- section 5.6.4, Certificate request, "Note: An anonymous server
requesting client information MUST result in a fatal
handshake_failure alert."
- section 5.6.9, Finished, "It SHALL be a fatal error if a finished
message is not preceded [spelling?] by by a change cipher spec
message at the appropriate point in the handshake."
Removal of wording that no longer applies in the current environment
(and was not really unique to the US anyway):
- section 5.6.3, remove note about US export law restricting RSA
moduli to 512 bits or less.
- Appendix D.1, remove mention of US export restrictions limiting
RSA keys used for encryption to 512 bits.
Trivial editorial change to conform to RFC structure
- make section 7 into section 8 and move Appendix F into a new
section 7 entitled "Security Considerations".
regards,
Dan.