Re: [TLS] SCSV vs RI when both specified. Was: Updated draft

<Pasi.Eronen@nokia.com> Mon, 21 December 2009 08:58 UTC

Return-Path: <Pasi.Eronen@nokia.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B472C3A687E for <tls@core3.amsl.com>; Mon, 21 Dec 2009 00:58:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.553
X-Spam-Level:
X-Spam-Status: No, score=-6.553 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8VrTU33pbx6 for <tls@core3.amsl.com>; Mon, 21 Dec 2009 00:58:20 -0800 (PST)
Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233]) by core3.amsl.com (Postfix) with ESMTP id CD4D33A67C1 for <tls@ietf.org>; Mon, 21 Dec 2009 00:58:19 -0800 (PST)
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-mx06.nokia.com (Switch-3.3.3/Switch-3.3.3) with ESMTP id nBL8vlr8019198; Mon, 21 Dec 2009 10:57:52 +0200
Received: from vaebh104.NOE.Nokia.com ([10.160.244.30]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 21 Dec 2009 10:57:25 +0200
Received: from smtp.mgd.nokia.com ([65.54.30.7]) by vaebh104.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Mon, 21 Dec 2009 10:57:21 +0200
Received: from NOK-EUMSG-01.mgdnok.nokia.com ([65.54.30.86]) by nok-am1mhub-03.mgdnok.nokia.com ([65.54.30.7]) with mapi; Mon, 21 Dec 2009 09:57:20 +0100
From: <Pasi.Eronen@nokia.com>
To: <uri@ll.mit.edu>, <tls@ietf.org>
Date: Mon, 21 Dec 2009 09:57:19 +0100
Thread-Topic: [TLS] SCSV vs RI when both specified. Was: Updated draft
Thread-Index: AcqBxVzyjJ1EhMYoQwKb4uPMSg4flAAErZfdABDNn8A=
Message-ID: <808FD6E27AD4884E94820BC333B2DB7758409B30F1@NOK-EUMSG-01.mgdnok.nokia.com>
References: <90E934FC4BBC1946B3C27E673B4DB0E4A7EE854018@LLE2K7-BE01.mitll.ad.local>
In-Reply-To: <90E934FC4BBC1946B3C27E673B4DB0E4A7EE854018@LLE2K7-BE01.mitll.ad.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 21 Dec 2009 08:57:21.0072 (UTC) FILETIME=[9B0FEB00:01CA821B]
X-Nokia-AV: Clean
Subject: Re: [TLS] SCSV vs RI when both specified. Was: Updated draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2009 08:58:21 -0000

Uri Blumenthal wrote:

> OK. Karlsruhe server time-outs on me, so no chance to get enlightened
> by checking that thread. Please indulge me: the one short compelling
> reason why we don't want to say "when two signals are present use this
> one and ignore the other" instead of "when two signals are present -
> abort connection" - is...?

Well, if the spec says "the client MUST not send two signals", then if
two signals are present, it's probably safer to abort (since the
client is not following the spec anyway, it's hard to guess
what its intent was...)

Best regards,
Pasi
(not wearing any hats)