Re: [TLS] Deprecating SSLv3

Nikos Mavrogiannopoulos <nmav@redhat.com> Sun, 16 November 2014 18:21 UTC

Date: Sun, 16 Nov 2014 13:21:46 -0500
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/2u8lsHozPf3H0WBHEXLyoT7CR4Y
Cc: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

----- Original Message -----
> That's a fair point.  We probably shouldn't do that, yes.  Maybe a
> removal of the first sentence would suffice for that.
> 
> TLS basically disavows all claims regarding what goes in the
> ClientHello.  We do know slightly more today such that we might be
> able to fix it, but I don't think we need to open that can of worms
> here.  That certainly wasn't the intent.

Will that be included in the draft? There is no point to have:
"Clients MUST NOT set a record layer version number (TLSPlaintext.version) of {03,00}."
as it will make a perfectly valid TLS 1.2 client non-compliant with the
draft for no apparent reason (if there is a reason for that please elaborate
in the draft).

Other than that, if that is fixed, no objections.

regards,
Nikos
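
The distinction the message turns on, as an added example that is not part of the original post or of the draft: the record layer version (TLSPlaintext.version) and ClientHello.client_version are separate fields, so a check on the first can flag a client that is offering TLS 1.2. The function names and the sample ClientHello bytes are constructed for this illustration.

```python
import struct

SSL3 = (3, 0)
TLS12 = (3, 3)

def build_client_hello(record_version, client_version):
    """Constructed, minimal ClientHello record used as sample input."""
    body = bytes(client_version) + bytes(32)    # client_version + zeroed random
    body += b"\x00"                             # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"  # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    header = b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake))
    return header + handshake

def parse_versions(record):
    """Return (TLSPlaintext.version, ClientHello.client_version) as tuples."""
    if len(record) < 11:
        raise ValueError("too short for a ClientHello record")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    if len(record) < 5 + rlen:
        raise ValueError("truncated record")
    if record[5] != 1:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    if hs_len < 2 or hs_len + 4 > rlen:
        raise ValueError("bad handshake length")
    return (rmaj, rmin), (record[9], record[10])

def flagged_by_record_version_rule(record):
    """True if the record carries TLSPlaintext.version {03,00}."""
    return parse_versions(record)[0] == SSL3

def limited_to_sslv3(record):
    """True if the highest version the client offers is SSL 3.0."""
    return parse_versions(record)[1] == SSL3

if __name__ == "__main__":
    samples = {
        "TLS 1.2 client, record {03,00}": build_client_hello(SSL3, TLS12),
        "TLS 1.2 client, record {03,01}": build_client_hello((3, 1), TLS12),
        "SSLv3-only client": build_client_hello(SSL3, SSL3),
    }
    for name, rec in samples.items():
        print(name, flagged_by_record_version_rule(rec), limited_to_sslv3(rec))
```

Only the third sample is limited to SSL 3.0, yet the record-version check also flags the first one, which is the case the message objects to.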