Re: [TLS] TLS 1.3 and vendor strings?
Yuhong Bao <firstname.lastname@example.org> Fri, 22 May 2015 03:39 UTC
From: Yuhong Bao <firstname.lastname@example.org>
To: "email@example.com" <firstname.lastname@example.org>
Date: Thu, 21 May 2015 20:39:05 -0700
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

I know, but they released an update to the 10.8 series to fix the problem and most users have installed it by now.

----------------------------------------
> Date: Thu, 21 May 2015 23:30:30 -0400
> Subject: Re: [TLS] TLS 1.3 and vendor strings?
> From: email@example.com
> To: firstname.lastname@example.org
> CC: email@example.com
>
> On Thu, May 21, 2015 at 11:17 PM, Yuhong Bao <firstname.lastname@example.org> wrote:
>> In this case, the pre-10.8.4 versions of OS X lost marketshare pretty quickly, I think by now it is less than 0.1% now.
>>
> Unfortunately, I have two OS X machines that are still in the 10.8
> series. That's because of Xcode/iOS support. I still need to support
> older version of iOS; and for that, I need an older version of Xcode;
> and for that, I need an older version of OS X.
>
> ... and the worst part is, it's for dumb reasons, like Apple changed UI
> scheme to light blue text on white background. I literally cannot read
> the text, and had to hold back on upgrades so I could see it.
>
> Jeff
>
>>> Date: Thu, 21 May 2015 22:46:33 -0400
>>> From: email@example.com
>>> To: firstname.lastname@example.org
>>> Subject: [TLS] TLS 1.3 and vendor strings?
>>>
>>> Are there any plans to support free form vendor strings?
>>>
>>> The use case is similar to Apple's buggy ECDHE-ECDSA SecureTransport
>>> for OS X 10.8 and iOS 7.
>>>
>>> In this case, OpenSSL had to jump through a number of hoops to
>>> identify the potentially affected clients via fingerprinting.
>>> Fingerprinting was not precise, and it potentially captured unaffected
>>> clients when Apple patched at OS X 10.8.4 and iOS 7.0.3. That is, an
>>> OS X 10.8.5 or iOS 7.0.4 client would potentially be identified as
>>> buggy even though it was patched.
>>>
>>> Or is there another way to handle the occasional implementation bug like this?
>>>
>>> (And to be clear: patching is not always an option. Apple is not like
>>> Microsoft or Linux. Rather, they left a number of hosts unpatched for
>>> the ECDHE-ECDSA bug; and did the same with CVE-2015-1130 (Goto Fail);
>>> and did the same with CVE-2015-1130 (Hidden Backdoor)).
>>>