Re: [TLS] Deprecating SSLv3
Martin Thomson <martin.thomson@gmail.com> Tue, 11 November 2014 21:07 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/16zNRV132_j0UnK8TgG45tBBUTw

On 11 November 2014 12:27, Manuel Pégourié-Gonnard <mpg@polarssl.org> wrote:
> Is there already something in the standard that says that the client offers a
> range of versions by using TLSPlaintext.version for the lower bound in addition
> to ClientHello.client_version? I didn't find it, so I'm worried about
> (implicitly) introducing new semantics about version negotiation in this document.

That's a fair point. We probably shouldn't do that, yes. Maybe a removal of the first sentence would suffice for that. TLS basically disavows all claims regarding what goes in the ClientHello. We do know slightly more today such that we might be able to fix it, but I don't think we need to open that can of worms here. That certainly wasn't the intent.
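
Added example, not part of the original message or of any draft text: a small Python parser that reads the two version fields discussed above, TLSPlaintext.version from the record header and ClientHello.client_version from the handshake body, and reports them separately instead of treating them as a range. The function names and the sample ClientHello are constructed for illustration, and only a ClientHello contained in a single record is handled.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1
NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(record_version, client_version):
    """Constructed sample: minimal ClientHello, one cipher suite, no extensions."""
    body = struct.pack("!H", client_version)
    body += bytes(32)                      # random (zeroed for the sample)
    body += b"\x00"                        # empty session_id
    body += struct.pack("!HH", 2, 0x002F)  # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                    # compression_methods: null only
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(hs)) + hs

def hello_versions(record):
    """Return (TLSPlaintext.version, ClientHello.client_version) as integers."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    fragment = record[5:5 + rec_len]
    if ctype != HANDSHAKE or len(fragment) != rec_len:
        raise ValueError("not a complete handshake record")
    if len(fragment) < 6 or fragment[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(fragment[1:4], "big")
    if hs_len < 2 or 4 + hs_len > len(fragment):
        raise ValueError("truncated ClientHello")
    (client_ver,) = struct.unpack("!H", fragment[4:6])
    return rec_ver, client_ver

def describe(record):
    """Name both fields; only client_version is read as the client's offer."""
    rec_ver, client_ver = hello_versions(record)
    return {
        "record_version": NAMES.get(rec_ver, hex(rec_ver)),
        "client_version": NAMES.get(client_ver, hex(client_ver)),
        # True when the highest version the client states is SSLv3 itself.
        "max_is_sslv3": client_ver == 0x0300,
    }

if __name__ == "__main__":
    # Record layer says 3.0 while the handshake offers TLS 1.2.
    print(describe(build_client_hello(0x0300, 0x0303)))
```
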