Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
Dave Garrett <davemgarrett@gmail.com> Sun, 28 December 2014 19:01 UTC
From: Dave Garrett <davemgarrett@gmail.com>
To: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 28 Dec 2014 14:01:11 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/5ViikHZ43JVZDMNkqR1yyuGNpa8
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
On Sunday, December 28, 2014 09:43:41 am Hauke Mehrtens wrote:
> as even OpenSSL 0.9.8 sends such ClientHellos in the default settings

http://openssl.6102.n7.nabble.com/OpenSSL-0-9-8-End-Of-Life-Announcement-td54154.html

OpenSSL 0.9.8 will be EOL next year and is receiving only security updates until then. Servers still using it will not be affected by whatever is specified in TLS 1.3. What client would still be using this? (and why should we care?)

Java 6 has been EOL for a couple years now.

New security protocols should not be written to accommodate dead software, especially if there's no plausible reason to legitimately use it still.

I restate again, that even these EOL implementations are perfectly capable of interoperating with the proposed spec if properly configured.

SSL2 & SSL3 should not be enabled. This is already agreed upon. (pending second RFC passage for official status) The desire to continue supporting SSL2 hellos requires the acceptance that it is legitimate to expect an insecurely configured implementation to work forever. This is not a safe thought process.

Also, it breaks things. It'd be nice to stop that.

Dave
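An added example, not part of the original message or of any implementation discussed in the thread: a server operator who wants to know which clients still open with an SSL 2.0-format ClientHello can classify the first bytes of each connection. The field layout follows RFC 5246 Appendix E.2; the sample byte strings and the client labels in the tally are constructed for illustration.

```python
import struct
from collections import Counter

def classify_hello(data: bytes):
    """Classify a client's first bytes: (framing, (major, minor)) or ("unknown", None)."""
    # SSL 2.0-format CLIENT-HELLO: 2-byte header with the high bit set,
    # msg_type 1, advertised version, then three 16-bit lengths.
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        major, minor, cs_len, sid_len, ch_len = struct.unpack("!BBHHH", data[3:11])
        # Cipher specs are 3 bytes each; session id is 0 or 16 bytes;
        # challenge is 16..32 bytes; msg_len covers everything after the header.
        if (cs_len > 0 and cs_len % 3 == 0 and sid_len in (0, 16)
                and 16 <= ch_len <= 32
                and msg_len == 9 + cs_len + sid_len + ch_len):
            return ("sslv2-format", (major, minor))
    # TLS record framing: ContentType 22, record version 3.x, 2-byte length,
    # HandshakeType 1, 3-byte length, then ClientHello.client_version.
    if len(data) >= 11 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return ("tls-record", (data[9], data[10]))
    return ("unknown", None)

# Constructed samples (not captured traffic).
CHALLENGE = bytes(range(32))
V2_COMPAT = (bytes([0x80, 0x2C, 0x01, 0x03, 0x01]) + struct.pack("!HHH", 3, 0, 32)
             + bytes([0x00, 0x00, 0x2F]) + CHALLENGE)
BODY = bytes([0x03, 0x03]) + CHALLENGE + bytes([0x00, 0x00, 0x02, 0x00, 0x2F, 0x01, 0x00])
TLS_HELLO = (bytes([0x16, 0x03, 0x01]) + struct.pack("!H", len(BODY) + 4)
             + bytes([0x01]) + len(BODY).to_bytes(3, "big") + BODY)

def tally_framing(first_flights):
    """Count hello framing per client label; input is (label, first_bytes) pairs."""
    counts = Counter()
    for label, data in first_flights:
        counts[(label, classify_hello(data)[0])] += 1
    return counts
```

A server that follows the proposal would treat the `sslv2-format` case as a handshake failure; the tally shows in advance which clients that would affect.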