----- Original Message ----- > > The IESG has received a request from the Transport Layer Security WG > (tls) to consider the following document: > - 'TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing > Protocol Downgrade Attacks' > <draft-ietf-tls-downgrade-scsv-03.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@xxxxxxxx mailing lists by 2015-01-23. Exceptionally, comments may be > sent to iesg@xxxxxxxx instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > This document defines a Signaling Cipher Suite Value (SCSV) that > prevents protocol downgrade attacks on the Transport Layer Security > (TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246. The "TLS Fallback Signaling Cipher Suite" fix cannot be a proposed standard. The mechanism it fixes (the browser's special downgrade of TLS) is not an IETF protocol, nor related to the TLS WG. Making this a proposed standard, would imply that the flawed technique is into standards track. I believe that this text should be informational. regards, Nikos