< draft-ietf-tls-downgrade-scsv-02.txt		draft-ietf-tls-downgrade-scsv-03.txt >
	Network Working Group B. Moeller		Network Working Group B. Moeller
	Internet-Draft A. Langley		Internet-Draft A. Langley
	Updates: 2246, 4346, 4347, 5246, 6347 Google		Updates: 2246, 4346, 4347, 5246, 6347 Google
	(if approved) November 12, 2014		(if approved) December 15, 2014
	Intended status: Standards Track		Intended status: Standards Track
	Expires: May 16, 2015		Expires: June 18, 2015
	TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol		TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol
	Downgrade Attacks		Downgrade Attacks
	draft-ietf-tls-downgrade-scsv-02		draft-ietf-tls-downgrade-scsv-03
	Abstract		Abstract
	This document defines a Signaling Cipher Suite Value (SCSV) that		This document defines a Signaling Cipher Suite Value (SCSV) that
	prevents protocol downgrade attacks on the Transport Layer Security		prevents protocol downgrade attacks on the Transport Layer Security
	(TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246.		(TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246.
	Status of This Memo		Status of This Memo
	This Internet-Draft is submitted in full conformance with the		This Internet-Draft is submitted in full conformance with the
	skipping to change at page 1, line 35 ¶		skipping to change at page 1, line 35 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on May 16, 2015.		This Internet-Draft will expire on June 18, 2015.
	Copyright Notice		Copyright Notice
	Copyright (c) 2014 IETF Trust and the persons identified as the		Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 4, line 41 ¶		skipping to change at page 4, line 41 ¶
	The TLS_FALLBACK_SCSV cipher suite value is meant for use by clients		The TLS_FALLBACK_SCSV cipher suite value is meant for use by clients
	that repeat a connection attempt with a downgraded protocol (perform		that repeat a connection attempt with a downgraded protocol (perform
	a "fallback retry") in order to work around interoperability problems		a "fallback retry") in order to work around interoperability problems
	with legacy servers.		with legacy servers.
	o If a client sends a ClientHello.client_version containing a lower		o If a client sends a ClientHello.client_version containing a lower
	value than the latest (highest-valued) version supported by the		value than the latest (highest-valued) version supported by the
	client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value		client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value
	in ClientHello.cipher_suites; see Section 6 for security		in ClientHello.cipher_suites; see Section 6 for security
	considerations for this recommendation. (Since the cipher suite		considerations for this recommendation. (The client SHOULD put
	list in the ClientHello is ordered by preference, with the		TLS_FALLBACK_SCSV after all cipher suites that it actually intends
	client's favorite choice first, signaling cipher suite values will		to negotiate.)
	generally appear after all cipher suites that the client actually
	intends to negotiate.)
	o As an exception to the above, when a client intends to resume a		o As an exception to the above, when a client intends to resume a
	session and sets ClientHello.client_version to the protocol		session and sets ClientHello.client_version to the protocol
	version negotiated for that session, it MUST NOT include		version negotiated for that session, it MUST NOT include
	TLS_FALLBACK_SCSV in ClientHello.cipher_suites. (In this case, it		TLS_FALLBACK_SCSV in ClientHello.cipher_suites. (In this case, it
	is assumed that the client already knows the highest protocol		is assumed that the client already knows the highest protocol
	version supported by the server: see [RFC5246], Appendix E.1.)		version supported by the server: see [RFC5246], Appendix E.1.)
	o If a client sets ClientHello.client_version to its highest		o If a client sets ClientHello.client_version to its highest
	supported protocol version, it MUST NOT include TLS_FALLBACK_SCSV		supported protocol version, it MUST NOT include TLS_FALLBACK_SCSV
End of changes. 5 change blocks.
	9 lines changed or deleted		7 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/