Re: [TLS] Downgrade protection, fallbacks, and server time

Martin Thomson <martin.thomson@gmail.com> Thu, 02 June 2016 01:42 UTC

MIME-Version: 1.0
In-Reply-To: <CABcZeBPENSap9YOFE2E=N6cSNcvGrJGkqZM4qMHMFbvYFXkZfA@mail.gmail.com>
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com> <CABcZeBO2Se4EVQMc_AisBUkBHNCO8t3YQWwQhRnw2TwhBjxcPA@mail.gmail.com> <CAF8qwaBPoKS1CSV49N2fWmYq6NnXTB5qo6QJV88xzatQABCPsg@mail.gmail.com> <CABcZeBPENSap9YOFE2E=N6cSNcvGrJGkqZM4qMHMFbvYFXkZfA@mail.gmail.com>
Date: Thu, 02 Jun 2016 11:42:00 +1000
Message-ID: <CABkgnnXttzJm=8Pk5zWgUV8AYsaWYXWtn5VL3yKVmqGtV3-BGw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/D-1jjamy08IwrHs5Olal_xCV9Ko>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Downgrade protection, fallbacks, and server time
Precedence: list

On 2 June 2016 at 08:56, Eric Rescorla <ekr@rtfm.com> wrote:
>> (Although, do we actually get the stronger protection if the client
>> accepts plain RSA key exchange? I've never been very clear on that.
>> Realistically, clients will be accepting plain RSA for a long while.)
>
>
> Yes, that's correct. I don't believe we have a good plan for plain RSA.

The best plan involves lots and lots of fire.

Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… Martin Rex
[TLS] Downgrade protection, fallbacks, and server… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… Eric Rescorla
Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… Eric Rescorla
Re: [TLS] Downgrade protection, fallbacks, and se… Martin Thomson
[TLS] no fallbacks please [was: Downgrade protect… Nikos Mavrogiannopoulos
Re: [TLS] no fallbacks please [was: Downgrade pro… Yoav Nir
Re: [TLS] Downgrade protection, fallbacks, and se… Hubert Kario
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… Viktor Dukhovni
Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… Hubert Kario
Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] Downgrade protection, fallbacks, and se… Viktor Dukhovni
Re: [TLS] no fallbacks please [was: Downgrade pro… Martin Thomson
Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
Re: [TLS] no fallbacks please [was: Downgrade pro… Nikos Mavrogiannopoulos
Re: [TLS] no fallbacks please [was: Downgrade pro… Ilari Liusvaara
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] no fallbacks please [was: Downgrade pro… Xiaoyin Liu
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] no fallbacks please [was: Downgrade pro… Eric Rescorla
Re: [TLS] no fallbacks please [was: Downgrade pro… Andrei Popov
Re: [TLS] no fallbacks please [was: Downgrade pro… Eric Rescorla
Re: [TLS] no fallbacks please [was: Downgrade pro… Viktor Dukhovni
Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
Re: [TLS] no fallbacks please [was: Downgrade pro… Bill Frantz
Re: [TLS] Downgrade protection, fallbacks, and se… Yaron Sheffer
Re: [TLS] Downgrade protection, fallbacks, and se… Stefan Winter
Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
Re: [TLS] no fallbacks please [was: Downgrade pro… Jeffrey Walton
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Kyle Rose
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Salz, Rich
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
Re: [TLS] [FORGED] Re: no fallbacks please [was: … David Benjamin
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Andrei Popov
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yuhong Bao
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Dave Garrett
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
Re: [TLS] [FORGED] Re: no fallbacks please [was: … Nikos Mavrogiannopoulos
Re: [TLS] no fallbacks please [was: Downgrade pro… Tony Arcieri