Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 28 January 2014 01:46 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Adam Langley <agl@google.com>, "mrex@sap.com" <mrex@sap.com>
Thread-Topic: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
Date: Tue, 28 Jan 2014 01:46:36 +0000
Message-ID: <4e68bd097d9a455482671ae14fd26552@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CADMpkcJ4viFwzU9u0uP41Niaopja8PZFowjOALVr3VA1vJ7Uow@mail.gmail.com> <20140128001737.D9D581ABC9@ld9781.wdf.sap.corp> <CAL9PXLw3-WGZHnLJ3YgZKqd9uKJjS5xoqdJQuhGf7mQH66rvqQ@mail.gmail.com>
In-Reply-To: <CAL9PXLw3-WGZHnLJ3YgZKqd9uKJjS5xoqdJQuhGf7mQH66rvqQ@mail.gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Just to clarify: Schannel does generate alerts as specified for SSL/TLS, and these alerts are exposed via SSPI. For a variety of reasons, SSPI callers may choose not to send alerts when a handshake is aborted, but technically they could.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Adam Langley
Sent: Monday, January 27, 2014 4:35 PM
To: mrex@sap.com
Cc: tls@ietf.org
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

On Mon, Jan 27, 2014 at 7:17 PM, Martin Rex <mrex@sap.com> wrote:
> It would not be possible to hide such a change in behaviour (writing a 
> fatal alert to the network before closing the connection) within 
> SChannel.

I don't believe that sending an alert is beyond the ken of Andrei and Microsoft, who are free to speak up if they have a problem with it.


Cheers

AGL
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
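The point under discussion is whether a server that aborts a handshake because of the downgrade SCSV actually writes a fatal alert to the wire before closing the connection, or just drops the connection (which a client cannot tell apart from a flaky network path). The following is an added example, not code from the thread, from Schannel or from the draft: it shows the server-side check the draft describes and the alert record that should go out. The constants TLS_FALLBACK_SCSV = {0x56, 0x00} and inappropriate_fallback(86) are those of the draft as published in RFC 7507; the ClientHello parser is a minimal one written for this example, and the sample ClientHello is constructed here, not captured.

```python
"""Server-side TLS_FALLBACK_SCSV handling (draft-moeller-tls-downgrade-scsv,
published as RFC 7507).

On a ClientHello the server checks two things:
  1. the cipher_suites list contains TLS_FALLBACK_SCSV (0x56, 0x00), and
  2. the client's offered version is lower than the server's highest version.
If both hold, the client is doing a fallback retry that a downgrade attacker
could have provoked, so the server MUST abort with a fatal
inappropriate_fallback(86) alert. Writing that alert before closing is what
lets the client distinguish "real downgrade attack" from "connection reset".
Example code; it is not the draft's text nor any product's implementation.
"""
import struct

TLS_FALLBACK_SCSV = 0x5600          # RFC 7507 signalling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86   # RFC 7507 alert description
ALERT_LEVEL_FATAL = 2
CONTENT_TYPE_ALERT = 21

# Versions are (major, minor) tuples so ordinary tuple comparison orders them.
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)


def parse_client_hello(body: bytes):
    """Parse a TLS 1.0-1.2 ClientHello handshake body (the bytes after the
    4-byte handshake header) far enough to get client_version and the
    cipher_suites list. Rejects truncated or inconsistent length fields."""
    if len(body) < 2 + 32 + 1:
        raise ValueError("ClientHello too short")
    client_version = (body[0], body[1])
    pos = 34                                # skip 32-byte random
    sid_len = body[pos]
    pos += 1
    if sid_len > 32 or pos + sid_len > len(body):
        raise ValueError("bad session_id length")
    pos += sid_len
    if pos + 2 > len(body):
        raise ValueError("truncated cipher_suites length")
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len == 0 or cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


def must_reject_fallback(client_version, cipher_suites, server_max_version):
    """The RFC 7507 server rule: SCSV present AND client offers less than
    the server's best version. A client offering the server's best version
    (or better) with the SCSV is fine; that is a normal first attempt."""
    return TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max_version


def fatal_alert_record(description, record_version):
    """TLS record carrying a fatal alert: type 21, version, length 2,
    then level(2 = fatal) and description."""
    return bytes([CONTENT_TYPE_ALERT, *record_version, 0, 2,
                  ALERT_LEVEL_FATAL, description])


def handle_client_hello(body: bytes, server_max_version):
    """Return None to carry on with the handshake, or the alert record the
    server must write to the socket before it closes the connection."""
    client_version, suites = parse_client_hello(body)
    if must_reject_fallback(client_version, suites, server_max_version):
        # Record-layer version: the client's offered version is a safe
        # choice for an alert sent before any version is negotiated.
        return fatal_alert_record(ALERT_INAPPROPRIATE_FALLBACK, client_version)
    return None


def build_client_hello(client_version, cipher_suites, session_id=b""):
    """Constructed sample ClientHello body for testing (not a capture)."""
    body = bytes(client_version) + bytes(32)            # zero random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                                 # compression: null
    return body


# Real suite values used in the samples: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# (0xC02F) and TLS_RSA_WITH_AES_128_CBC_SHA (0x002F).
SUITES = [0xC02F, 0x002F]

if __name__ == "__main__":
    # A TLS 1.2-capable server sees a client retrying at TLS 1.0 with the SCSV.
    retry = build_client_hello(TLS10, SUITES + [TLS_FALLBACK_SCSV])
    print(handle_client_hello(retry, TLS12).hex())     # 150301000202 56
    # Same client, but the server itself tops out at TLS 1.0: no rejection.
    print(handle_client_hello(retry, TLS10))
```

Note the contrast with the behaviour Martin Rex worried about: a server that simply closes the socket when `handle_client_hello` returns an alert gives the client nothing but a reset, and the client's fallback logic has to guess. The alert record is only seven bytes, so the cost of sending it before the close is negligible.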