IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Martin Thomson <martin.thomson@gmail.com> Sat, 25 October 2014 08:02 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D0B91A86F4 for <tls@ietfa.amsl.com>; Sat, 25 Oct 2014 01:02:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YE7r5FrxubkM for <tls@ietfa.amsl.com>; Sat, 25 Oct 2014 01:02:43 -0700 (PDT)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F27591A86E1 for <tls@ietf.org>; Sat, 25 Oct 2014 01:02:41 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id gi9so3658900lab.21 for <tls@ietf.org>; Sat, 25 Oct 2014 01:02:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tgTWJMUru0iKH5Lm3lB3k1BO7cACb5doH7GLimdfd1s=; b=Ue8yXN/76IqbIZzK6g9mVpcTK4qyqMv3n/sfEFXhvn7lq3aQtI0zWIM2GBvjAKWVAK OYPL15YQi4RT3wT7M6lULNToF+ajuybv8cSJuke7U48fQPZyBJC7M9uIe3nOP5UkVOMn UTp/loi2+zvc/Ocq6y+qZ9skYubjCCRyqfUJfcJN3t9r3Lp4wrYaWDXB2VGwSiJ11rlP cnEPcCT6+oHlOCzx7C3MDinceO4fUBJ/tsNhHv824yIRRRnj6YLKxv6PyAi11MualHwQ l4U43Qd9L+LK3zPFMkrSZ6c/SIXom3D6oD8Ga4GqFBGbFGA8ftu2ixk3RQgcE8WzsyRv VrEg==
MIME-Version: 1.0
X-Received: by 10.112.210.102 with SMTP id mt6mr9417805lbc.73.1414224160013; Sat, 25 Oct 2014 01:02:40 -0700 (PDT)
Received: by 10.25.215.217 with HTTP; Sat, 25 Oct 2014 01:02:39 -0700 (PDT)
In-Reply-To: <544B5764.9020006@brainhub.org>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5449E969.9000800@brainhub.org> <CADMpkc+cLJNMYZb4OqukM7qT1aPsqEmCF0JxOyuLYe=78BEcgQ@mail.gmail.com> <544AB4B4.2010305@brainhub.org> <CADMpkc+cku0G6SKs7ZX6oHidiP2X8x8KfB9+E7mjYcNDXrPw9w@mail.gmail.com> <544B5764.9020006@brainhub.org>
Date: Sat, 25 Oct 2014 01:02:39 -0700
Message-ID: <CABkgnnVcNgC0SXFkfLYJHyxWe0uxDDShfgPgH=JmmTv0KVQhpg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Andrey Jivsov <crypto@brainhub.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-2oFsbRngVP2dYSFVS1RWCwZ1bk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Oct 2014 08:02:44 -0000

On 25 October 2014 00:55, Andrey Jivsov <crypto@brainhub.org> wrote:
> Repeating my point earlier, it looks kind of harsh to fail TLS 1.1 on the
> server when it can only negotiate SSL3.0 with that client.

Why, if the client is willing to do TLS 1.1, there's an unnecessary fallback.

Note that the maximum version in play is always the maximum version
that the server (or client) is willing to negotiate.  If a server is
capable of 1.2, but configured with 1.1, only downgraded handshakes to
1.0 or SSL will cause the alert to be generated.

v2.23.0 | Report a Bug | By Email