Re: [TLS] Additional TLS 1.3 results from Chrome

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 19 December 2017 15:08 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Salz, Rich" <rsalz@akamai.com>, Eric Rescorla <ekr@rtfm.com>, David Benjamin <davidben@chromium.org>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Additional TLS 1.3 results from Chrome
Thread-Index: AQHTeDdnoK0wVwYZnkmqGWUHphtSUKNJlvsAgABSngCAALp9AIAAIE+Q
Date: Tue, 19 Dec 2017 15:08:30 +0000
Message-ID: <DM5PR14MB12890EA07E2BE7A61AE94729830F0@DM5PR14MB1289.namprd14.prod.outlook.com>
References: <CAF8qwaA4su2j-Lh9XRcLbT_Tysg9H24ys=TCC=Rd1bvrFNds7A@mail.gmail.com> <CABcZeBN9ABRSY76NWfqy5QouVE9BJR78nwExNGe-bXsnn1GkmA@mail.gmail.com> <68370EF8-8F21-435C-98F0-D621D142C629@akamai.com> <2da50a0b-4b28-35fc-fe32-44a4afff9f4f@cs.tcd.ie>
In-Reply-To: <2da50a0b-4b28-35fc-fe32-44a4afff9f4f@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_05E1_01D378A0.8A598760"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d7e231f-bc19-497f-c53e-08d546f25d7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2017 15:08:30.6187 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR14MB1291
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3TwVWkUZRwUL8BxD0K-XinT8aFw>
Subject: Re: [TLS] Additional TLS 1.3 results from Chrome
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2017 15:08:36 -0000

> I'm not sure I agree renumbering is the right reaction, though I don't 
> object to
> that. This could be a case where it's overall better that those specific 
> devices
> suffer breakage, and hopefully then do get firmware updated to support
> TLS1.3 or TLS-without-extended-random-or-dual-ec
> at some point.

It's never better to break large numbers of things, if it can be avoided at 
low
cost.  The reaction isn't going to be "TLS 1.3 broke my printer, it's time to
upgrade my firmware.", it's going to be "TLS 1.3 broke my printer, which was
working perfectly fine.  TLS 1.3 is bad.  I wonder what else they got wrong.
People shouldn't use TLS 1.3."

-Tim

Attachment: smime.p7s

[TLS] Additional TLS 1.3 results from Chrome David Benjamin
Re: [TLS] Additional TLS 1.3 results from Chrome Eric Rescorla
Re: [TLS] Additional TLS 1.3 results from Chrome Tanja Lange
Re: [TLS] Additional TLS 1.3 results from Chrome Salz, Rich
Re: [TLS] Additional TLS 1.3 results from Chrome Stephen Farrell
Re: [TLS] Additional TLS 1.3 results from Chrome Salz, Rich
Re: [TLS] Additional TLS 1.3 results from Chrome Stephen Farrell
Re: [TLS] Additional TLS 1.3 results from Chrome Tim Hollebeek
Re: [TLS] Additional TLS 1.3 results from Chrome Adam Langley
Re: [TLS] Additional TLS 1.3 results from Chrome Eric Rescorla
Re: [TLS] Additional TLS 1.3 results from Chrome Ilari Liusvaara
Re: [TLS] Additional TLS 1.3 results from Chrome Eric Rescorla
Re: [TLS] Additional TLS 1.3 results from Chrome David Wong

Re: [TLS] Additional TLS 1.3 results from Chrome

Attachment: smime.p7s