The IESG has received a request from the Using TLS in Applications WG (uta) to consider the following document: - 'Recommendations for Secure Use of TLS and DTLS' <draft-ietf-uta-tls-bcp-08.txt> as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-02-10. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are widely used to protect data exchanged over application protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the last few years, several serious attacks on TLS have emerged, including attacks on its most commonly used cipher suites and modes of operation. This document provides recommendations for improving the security of deployed services that use TLS and DTLS. The recommendations are applicable to the majority of use cases. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/ballot/ No IPR declarations have been submitted directly on this I-D.
