Re: [TLS] interop for TLS clients proposing TLSv1.1

Nikos Mavrogiannopoulos <nmav@gnutls.org> Tue, 27 September 2011 06:58 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D58E21F8E0F for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 23:58:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.572
X-Spam-Level:
X-Spam-Status: No, score=-3.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TTbW1VrOeVW for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 23:58:18 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 842C521F8E0D for <tls@ietf.org>; Mon, 26 Sep 2011 23:58:18 -0700 (PDT)
Received: by wyh21 with SMTP id 21so5216005wyh.31 for <tls@ietf.org>; Tue, 27 Sep 2011 00:01:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=YFK9xlGLV6S2cE1yIGCNrCZk0IGbFvTCZCwmZthWalg=; b=A45KqBAnnfQIfxeEU6l33slkCuFszX0ny91i3frsZrt2jFK4nd79+pV3uZgD71uLVg qyl2JFh6egR3zjNox5oonMojXiG4l8W4iO5h2ZwECqW36TRHLQVK/b+c6WQpkQkuwaZo 2URJTYK12RXCt3JrNgLTwNs8LKe0trbyHUzK8=
Received: by 10.227.175.77 with SMTP id w13mr8151127wbz.53.1317106862507; Tue, 27 Sep 2011 00:01:02 -0700 (PDT)
Received: from [10.100.2.14] (94-225-167-75.access.telenet.be. [94.225.167.75]) by mx.google.com with ESMTPS id p2sm34572629wbo.17.2011.09.27.00.01.00 (version=SSLv3 cipher=OTHER); Tue, 27 Sep 2011 00:01:01 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4E8174BA.8060203@gnutls.org>
Date: Tue, 27 Sep 2011 09:01:14 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13
MIME-Version: 1.0
To: tls@ietf.org
References: <r422Ps-1068i-BDA7EE4404A24A818F407021587398EE@Bill-Frantzs-MacBook-Pro.local>
In-Reply-To: <r422Ps-1068i-BDA7EE4404A24A818F407021587398EE@Bill-Frantzs-MacBook-Pro.local>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] interop for TLS clients proposing TLSv1.1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 06:58:19 -0000

On 09/27/2011 01:32 AM, Bill Frantz wrote:

> I would add on this topic:
> Browsers should refuse to display their highest security UI indicators
> if they negotiate a version of TLS with known flaws.

This seems like the best strategy to force servers to upgrade.

regards,
Nikos