Re: [TLS] Deployment ... Re: This working group has failed
Joshua Davies <joshua.davies.tx@gmail.com> Mon, 18 November 2013 22:40 UTC
From: Joshua Davies <joshua.davies.tx@gmail.com>
To: mrex@sap.com
Cc: Michael Staubermann <Michael.Staubermann@webolution.de>, tls@ietf.org
Subject: Re: [TLS] Deployment ... Re: This working group has failed

> You are aware that TLSv1.2 (rfc5246 alone) is weaker than TLSv1.1(rfc4346)?

Really? How so? The only major difference (besides the new cipher suites and modes and such) between TLS 1.1 and TLS 1.2 is the PRF - are you saying that the TLS 1.1 PRF is stronger than SHA 256? Has this been proven or is that just conjecture?

On Mon, Nov 18, 2013 at 4:31 PM, Martin Rex <mrex@sap.com> wrote:

> Michael Staubermann wrote:
> > Martin Rex wrote:
> > >
> > > Unfortunately, I've seen a new (government mandated) Web Service usage
> > > scenario deployed in 2013 where the hardware SSL/TLS accelerator that is
> > > being used is TLS version intolerant to TLSv1.1 and TLSv1.2.
> >
> > On the other hand we have the (government mandated) requirement to use TLS
> > 1.2 for governmental institutions:
> >
> > https://www.bsi.bund.de/DE/Presse/Kurzmitteilungen/Kurzmit2013/Mindeststandard_TLS_1_2_Web-Seiten_des_BSI_13112013.html
>
> That is a misunderstanding.
>
> This statement by the German BSI is a mere recommendation,
> it is _not_ mandatory to use TLSv1.2.
>
> You are aware that TLSv1.2 (rfc5246 alone) is weaker than TLSv1.1(rfc4346)?
>
> The Web Service of the Portugal fiscal authority that businesses have
> to submit certain data through a WebService _is_ mandatory.
>
> -Martin