The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Encrypt-then-MAC for TLS and DTLS' <draft-ietf-tls-encrypt-then-mac-02.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-06-20. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes a means of negotiating the use of the encrypt-then-MAC security mechanism in place of TLS'/DTLS' existing MAC-then-encrypt one, which has been the subject of a number of security vulnerabilities over a period of many years. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-tls-encrypt-then-mac/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-tls-encrypt-then-mac/ballot/ No IPR declarations have been submitted directly on this I-D. ID nits found an Obsolete normative reference: "RFC 4366 (ref. '3') (Obsoleted by RFC 5246, RFC 6066)" which will be replaced.
