Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 15 September 2010 03:54 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: mrex@sap.com
In-Reply-To: <201009150155.o8F1tSU8009742@fs4113.wdf.sap.corp>
Message-Id: <E1Ovj4f-0007mZ-4a@wintermute02.cs.auckland.ac.nz>
Date: Wed, 15 Sep 2010 15:54:21 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item

Martin Rex <mrex@sap.com> writes:

>Personally I can not think of a reason to move away from what rfc-5246
>appendix E.2 says.

I can.  That language has been in there more or less forever, and it's had
pretty much zero effect in encouraging implementations to drop the SSLv2
handshake (some implementations gradually have over time, but probably not
because of text that says "well, you know, it would be really uncool if you
kept sending SSLv2 hellos for the next twenty years").  Without a clear MUST
NOT for the server to finally get clients to switch off SSLv2 hellos, we're
never going to get rid of these things.

Peter.
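What the requested MUST NOT means at the server's socket, as an added example (not code from this thread, from RFC 5246, or from any TLS implementation): a parser that recognises the SSLv2-compatible ClientHello layout from RFC 5246 Appendix E.2 (2-byte length with the high bit set, msg_type, version, three length fields, then cipher specs, session id and challenge) next to a normal record-layer handshake, and a policy switch that refuses the v2 form while logging the version the client advertised. The function and constant names, the sample hellos and the log strings are constructed for this example; the SSLv2-only cipher spec 01 00 80 and the TLS suite 00 2F are real identifiers used as sample data.

```python
"""Distinguish an SSLv2-format ClientHello from a TLS record-layer one and
apply a 'servers MUST NOT accept V2ClientHello' policy.  Example code written
for this discussion; all sample messages below are constructed."""
import struct
from typing import Tuple

CONTENT_TYPE_HANDSHAKE = 0x16
V2_MSG_TYPE_CLIENT_HELLO = 0x01


def is_v2_client_hello(data: bytes) -> bool:
    """In the v2 record header the high bit of the first byte is set and the
    remaining 15 bits carry the message length; the third byte is msg_type."""
    if len(data) < 3:
        return False
    return (data[0] & 0x80) != 0 and data[2] == V2_MSG_TYPE_CLIENT_HELLO


def parse_v2_client_hello(data: bytes) -> dict:
    """Parse the Appendix E.2 layout: msg_length(2) msg_type(1) version(2)
    cipher_spec_length(2) session_id_length(2) challenge_length(2), followed by
    cipher_specs, session_id and challenge.  Raises ValueError when the length
    fields are inconsistent, so a malformed hello is never half-accepted."""
    if not is_v2_client_hello(data):
        raise ValueError("not a V2ClientHello")
    msg_length = struct.unpack("!H", data[0:2])[0] & 0x7FFF
    body = data[2:2 + msg_length]
    if len(body) != msg_length or msg_length < 9:
        raise ValueError("truncated V2ClientHello")
    _msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack("!BBBHHH", body[:9])
    if cs_len % 3 != 0:
        raise ValueError("cipher_spec_length must be a multiple of 3")
    if 9 + cs_len + sid_len + ch_len != msg_length:
        raise ValueError("length fields do not add up to msg_length")
    specs = body[9:9 + cs_len]
    cipher_specs = [specs[i:i + 3] for i in range(0, cs_len, 3)]
    # A V2CipherSpec whose first byte is 0 carries a TLS cipher suite in the
    # remaining two bytes; any other first byte denotes an SSLv2-only cipher.
    tls_suites = [s[1:] for s in cipher_specs if s[0] == 0]
    sid_start = 9 + cs_len
    return {
        "client_version": (major, minor),
        "cipher_specs": cipher_specs,
        "tls_cipher_suites": tls_suites,
        "session_id": body[sid_start:sid_start + sid_len],
        "challenge": body[sid_start + sid_len:sid_start + sid_len + ch_len],
    }


def classify_client_hello(data: bytes) -> str:
    """Return 'v2', 'tls' or 'unknown' for the first bytes read from a client."""
    if is_v2_client_hello(data):
        return "v2"
    if len(data) >= 5 and data[0] == CONTENT_TYPE_HANDSHAKE and data[1] == 3:
        return "tls"
    return "unknown"


def server_accepts(data: bytes, allow_v2_hello: bool = False) -> Tuple[bool, str]:
    """With allow_v2_hello=False (the MUST NOT behaviour) a V2ClientHello is
    refused.  The returned string is a log line an operator can count to see
    how many clients still send v2 hellos before the switch is turned off."""
    kind = classify_client_hello(data)
    if kind == "tls":
        return True, "accepted TLS ClientHello"
    if kind == "v2":
        version = "%d.%d" % parse_v2_client_hello(data)["client_version"]
        if allow_v2_hello:
            return True, "accepted V2ClientHello advertising version " + version
        return False, "rejected V2ClientHello advertising version " + version
    return False, "rejected: not a ClientHello"


def build_v2_client_hello(version=(3, 1), challenge=b"\x11" * 32) -> bytes:
    """Construct a sample V2ClientHello offering TLS_RSA_WITH_AES_128_CBC_SHA
    (00 2F in v2 encoding) and the SSLv2-only spec 01 00 80 (constructed data)."""
    specs = b"\x00\x00\x2f" + b"\x01\x00\x80"
    body = struct.pack("!BBBHHH", V2_MSG_TYPE_CLIENT_HELLO, version[0], version[1],
                       len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack("!H", 0x8000 | len(body)) + body


# Constructed samples: a v2-format hello and a TLS 1.0 record header stub.
SAMPLE_V2_HELLO = build_v2_client_hello()
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

if __name__ == "__main__":
    for name, sample in (("v2", SAMPLE_V2_HELLO), ("tls", SAMPLE_TLS_HELLO)):
        print(name, server_accepts(sample))
```

The `allow_v2_hello` flag is the deployment knob the argument above is really about: a server that logs the advertised version of each refused v2 hello can show that the remaining senders are old clients that already speak TLS 1.0 or later in the v2 envelope, which is the evidence needed to leave the flag off.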