Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 15 September 2010 03:54 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: mrex@sap.com
In-Reply-To: <201009150155.o8F1tSU8009742@fs4113.wdf.sap.corp>
Message-Id: <E1Ovj4f-0007mZ-4a@wintermute02.cs.auckland.ac.nz>
Date: Wed, 15 Sep 2010 15:54:21 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item

Martin Rex <mrex@sap.com> writes:

>Personally I can not think of a reason to move away from what rfc-5246
>appendix E.2 says.

I can. That language has been in there more or less forever, and it's had pretty much zero effect in encouraging implementations to drop the SSLv2 handshake (some implementations gradually have over time, but probably not because of text that says "well, you know, it would be really uncool if you kept sending SSLv2 hello's for the next twenty years").

Without a clear MUST NOT for the server to finally get clients to switch off SSLv2 hellos, we're never going to get rid of these things.

Peter.