----- Original Message -----
The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:
- 'TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing
Protocol Downgrade Attacks'
<draft-ietf-tls-downgrade-scsv-03.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2015-01-23. Exceptionally, comments
may be
sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
This document defines a Signaling Cipher Suite Value (SCSV) that
prevents protocol downgrade attacks on the Transport Layer Security
(TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246.
The "TLS Fallback Signaling Cipher Suite" fix cannot be a proposed standard.
The mechanism it fixes (the browser's special downgrade of TLS) is not an IETF
protocol, nor related to the TLS WG. Making this a proposed standard, would
imply that the flawed technique is into standards track. I believe that this
text should be informational.
regards,
Nikos