Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]
Jeffrey Walton <noloader@gmail.com> Mon, 06 June 2016 19:32 UTC
To: Bill Frantz <frantz@pwpconsult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9KOGt7XkoIuN2_wFLMOwMgZfiGQ>
Cc: "tls@ietf.org" <tls@ietf.org>

>> That being said, I would prefer the solution to be a compliance test suite
>> that checks if servers do handle correctly future versions, future
>> extensions and future ciphersuites correctly.
>
> I agree with Hubert. The big question is how you get the bug report to the
> server operator.
>
> With servers which are currently maintained, it should be possible, although
> difficult in specific instances to contact the owner. With servers which
> aren't being maintained, e.g. those in imbedded devices, the problem becomes
> much harder.

There are two ways. First, use the Administrative and Technical
contacts in the WHOIS database. They are ICANN contractual
requirements, and they must be valid.

Second, RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS.

Jeff