Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
Michael D'Errico <mike-list@pobox.com> Wed, 25 September 2013 21:17 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id CB09E21F8267 for <tls@ietfa.amsl.com>;
Wed, 25 Sep 2013 14:17:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.57
X-Spam-Level:
X-Spam-Status: No, score=-2.57 tagged_above=-999 required=5 tests=[AWL=0.029,
BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TM-eXMEZ+nUo for
<tls@ietfa.amsl.com>; Wed, 25 Sep 2013 14:17:12 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com
[208.72.237.25]) by ietfa.amsl.com (Postfix) with ESMTP id 3DF7211E80ED for
<tls@ietf.org>; Wed, 25 Sep 2013 14:17:09 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by
a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id BC538D70F;
Wed, 25 Sep 2013 17:17:08 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id
:date:from:mime-version:to:cc:subject:references:in-reply-to
:content-type:content-transfer-encoding; s=sasl;
bh=Npdk85IXYQ2u 8BJc2Z614A+CqxY=;
b=Zj4jIw8VTtzq5ePE3QxHF9v5JC83OfhPMyzTQC8igx2O
5A7RKn10qQzRJlL0n5/JLiyYArF3WPgyDKiT6iY8LIjXfso0uTems0ySNGvTucSO
U6aIcuvWWl51mj85VK2bWj2RH4sduj7t4mFm3ioF5tElggPyYxaqCIzYbi44kg8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date
:from:mime-version:to:cc:subject:references:in-reply-to
:content-type:content-transfer-encoding; q=dns; s=sasl;
b=lgCGxl +fYisTCsWroblv7xzvw0iKxgSOzCoT575wAcmLPDC5rOLJNaiF8pU4gptAuThnZZ
6dzmjBVnX+PEJXPrnpI8RsXZYY+7v4+Ho1dgYh6uaO2e3Jb3VDvOf38UWJDSbxDY
PBS21k1JeiWIqsHJuJzyg89upK91C68QWYKbY=
Received: from a-pb-sasl-quonix.pobox.com (unknown [127.0.0.1]) by
a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id B1AA5D70E;
Wed, 25 Sep 2013 17:17:08 -0400 (EDT)
Received: from iMac.local (unknown [24.234.153.62]) (using TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by
a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 0B7C1D70D;
Wed, 25 Sep 2013 17:17:07 -0400 (EDT)
Message-ID: <524352D3.4020601@pobox.com>
Date: Wed, 25 Sep 2013 14:17:07 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Bodo Moeller <bmoeller@acm.org>
References: <9A043F3CF02CD34C8E74AC1594475C735567D321@uxcn10-6.UoA.auckland.ac.nz> <CADMpkcJtp-+P8CFn_K7uptXtorYom0ALdaUn6xB16JFZSHoBtg@mail.gmail.com> <CAMfhd9U2eBdeO4MuDBW9hcuxzu0sttkifySSHJp9=bm5n3NNEg@mail.gmail.com> <5243119D.4070001@pobox.com> <CADMpkcKBOTs06DuJfsqDtZuhAzmxeGghXMhe2PPYBq9Ct_oxiA@mail.gmail.com>
<CADMpkc+3ifDbnSxp9jiiPAKDPxaCWpkKHXTfgygpN3kOXMUFFQ@mail.gmail.com>
In-Reply-To: <CADMpkc+3ifDbnSxp9jiiPAKDPxaCWpkKHXTfgygpN3kOXMUFFQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: D5B3DBAE-2627-11E3-913F-CE710E5B5709-38729857!a-pb-sasl-quonix.pobox.com
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Comments/Questions
on draft-gutmann-tls-encrypt-then-mac-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 21:17:17 -0000
> http://www.ietf.org/internet-drafts/draft-bmoeller-tls-downgrade-scsv-00.txt I think that the server MUST send a FATAL alert only if it would not have been willing to negotiate the lower TLS version in the absence of the SCSV. A WARNING alert from the server (or some extension_data with more information) lets the client decide whether to continue. Both sides can keep track of these occurrences for further investigation by interested admins at their leisure (not via calls to the help desk). Also RFC 3546 and 4366 have been obsoleted by RFC 6066. Mike
- [TLS] Comments/Questions on draft-gutmann-tls-enc… Eric Rescorla
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Dr Stephen Henson
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bill Frantz
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Eric Rescorla
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Alfredo Pironti
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Ralph Holz
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Adam Langley
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yaron Sheffer
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yaron Sheffer
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Mohamad Badra
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Alfredo Pironti
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yoav Nir