On 11/19/18 8:26 AM, Michael Richardson wrote:
> Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
> > Would it be appropriate for IETF to issue an RFC that states that
> > despite the similarity in names, use of such variants of TLS MUST NOT
> > be used to claim compliance with IETF specifications requiring TLS,
> > and generally warning the IETF community of deliberate efforts to
> > weaken application security?
>
> Can you give me an example of what you mean?
> (i.e. "Use "TLS MUST NOT in a sentence" :-)
One example I was thinking of was RFC 8314, which states (again, for example) that an MUA "SHOULD require negotiation of TLS version 1.1 or greater" to establish a minimum confidentiality level that's suitable for interaction with a mail server. It needs to be clear that some TLS variant that's designed to compromise the user's privacy isn't ever suitable to establish a minimum confidentiality level, no matter what version number it claims to use.
More generally, while we try to make TLS version y more secure than TLS version x, for y > x, you can't really compare versions of real TLS with versions of compromised TLS and expect that comparison to be meaningful in terms of the level of confidentiality provided.
Keith