Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Viktor Dukhovni <> Fri, 03 June 2016 17:40 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

On Fri, Jun 03, 2016 at 06:39:58AM -0700, Eric Rescorla wrote:

> My opinion on this hasn't really changed since the last time. This seems
> like it's more complicated and it's not clear to me why it won't lead to
> exactly the same version intolerance problem in future.

Doing version negotiation through extensions would be a major
implementation burden.  At present the client version appears early
in the ClientHello at a fixed position in the packet, and the server
can quickly grab the version, compute the highest shared version
and branch to the protocol implementation for that version to parse
the rest of the ClientHello.

Putting the client version in an extension dramatically complicates
server-side processing.  So my view is that this would not be
progress.  This is IMNSHO even less likely to interoperate than
what we have now.
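An added illustration of the parsing cost the message above describes; this is example code written for this archive page, not code from the thread or from any TLS implementation. It assumes the extension-based scheme would carry a version list the way TLS 1.3's supported_versions extension (type 43) does, and constructs its own minimal ClientHello bodies.

```python
import struct

# Assumption (not from the thread): extension-carried versions are encoded like TLS 1.3's
# supported_versions extension, type 43, body = 1-byte length + 2-byte version codes.
SUPPORTED_VERSIONS = 0x002B

def build_hello(legacy_version, versions=None, session_id=b"", suites=(0x1301, 0x002F)):
    """Construct a minimal ClientHello body (handshake header omitted) for the demo."""
    body = struct.pack("!H", legacy_version) + bytes(32)          # client_version + random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                           # one compression method: null
    exts = b""
    if versions:
        vlist = b"".join(struct.pack("!H", v) for v in versions)
        exts = struct.pack("!HHB", SUPPORTED_VERSIONS, len(vlist) + 1, len(vlist)) + vlist
    return body + struct.pack("!H", len(exts)) + exts

def fixed_offset_version(hello):
    """Cheap path: client_version is always the first two bytes, no parsing needed."""
    return struct.unpack("!H", hello[:2])[0]

def extension_versions(hello):
    """Expensive path: skip every variable-length field to reach the extension list."""
    off = 2 + 32                                                  # client_version + random
    off += 1 + hello[off]                                         # session_id
    off += 2 + struct.unpack("!H", hello[off:off + 2])[0]         # cipher_suites
    off += 1 + hello[off]                                         # compression_methods
    if off + 2 > len(hello):
        return []                                                 # no extensions block at all
    end = off + 2 + struct.unpack("!H", hello[off:off + 2])[0]
    off += 2
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[off:off + 4])
        body = hello[off + 4:off + 4 + elen]
        off += 4 + elen
        if etype == SUPPORTED_VERSIONS and body and len(body) == 1 + body[0]:
            return [struct.unpack("!H", body[i:i + 2])[0] for i in range(1, 1 + body[0], 2)]
    return []

def negotiate(hello, server_versions):
    """Highest version shared by client and server, or None if there is none."""
    # Without the extension, client_version means "highest version I support".
    offered = extension_versions(hello) or [
        v for v in server_versions if v <= fixed_offset_version(hello)]
    shared = set(offered) & set(server_versions)
    return max(shared) if shared else None
```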