RFC 7457: Attacks on SSL/TLS


I'm in the midst of a big push to finish off the ~15 Internet-Drafts I have underway at the IETF, on topics such as security, internationalization, SIP-XMPP interworking, and even Uniform Resource Names (the lesser-known cousin of URLs). The first of these to be published as an RFC is a document entitled "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)", a.k.a. RFC 7457. Here I'll freely admit that Yaron Scheffer and Ralph Holz did most of the hard work, but they were gracious enough to include me as a co-author. The three of us are also close to finishing a companion document that describes how to address some of these attacks, so look for that soon!

Peter Saint-Andre > Journal