Re: [TLS] Deployment ... Re: This working group has failed
Yoav Nir <ynir@checkpoint.com> Sun, 17 November 2013 11:13 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA37311E8AC2 for <tls@ietfa.amsl.com>; Sun, 17 Nov 2013 03:13:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.166
X-Spam-Level:
X-Spam-Status: No, score=-10.166 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j3abFtmhzX4v for <tls@ietfa.amsl.com>; Sun, 17 Nov 2013 03:13:13 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id A10BA11E8241 for <tls@ietf.org>; Sun, 17 Nov 2013 03:13:03 -0800 (PST)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id rAHBCuK9000346; Sun, 17 Nov 2013 13:12:56 +0200
X-CheckPoint: {5288A2A0-3-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.146]) by DAG-EX10.ad.checkpoint.com ([169.254.3.213]) with mapi id 14.03.0123.003; Sun, 17 Nov 2013 13:12:56 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Thread-Topic: [TLS] Deployment ... Re: This working group has failed
Thread-Index: AQHO4rSnkbVJpNqTEEuoz3WRzLISMZooBy4AgAER/4CAAAvQgA==
Date: Sun, 17 Nov 2013 11:12:55 +0000
Message-ID: <11586138-5410-404B-905F-CEA1DEBF6DE1@checkpoint.com>
References: <CACsn0c=i2NX2CZ=Md2X+WM=RM8jAysaenz6oCxmoPt+LC5wvjA@mail.gmail.com> <52874576.9000708@gmx.net> <5287B4F6.1060102@defuse.ca> <52889ACF.3050302@gmx.net>
In-Reply-To: <52889ACF.3050302@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.21.100]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <9C154E4BDE9E274C9F5B63B3130C2477@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org list" <tls@ietf.org>
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 11:13:19 -0000
On Nov 17, 2013, at 12:30 PM, Hannes Tschofenig <Hannes.Tschofenig@gmx.net> wrote: > Hi Taylor, > > Would be interesting to hear from someone working for Mozilla (like Ekr, our TLS WG chair) why things are progressing so slowly and what exactly their problem is. > Hi Hannes We have heard before from people at Google and at Microsoft. Google only added TLS 1.2 very recently, and Microsoft added it very early, but disabled it by default for a long time. There were issues with failures of connections attempts using TLS 1.2. There have been issues with 1.1, but 1.2 produced much more of them. 1. TLS 1.2 is the first version to require support of extensions. Some servers broke when extensions existed. 2. Some servers broke on unrecognized extensions. 3. Some server break on missing extensions - certain servers will not accept a TLS 1.2 ClientHello without the SignatureAlgorithm extension Combining 1 & 3, you can't win. Some servers just won't work. I don't know what changed. Perhaps the percentage of servers that are broken like that has diminished. But not it looks like the browser vendors have deemed it as sufficiently low to allow them to make this on by default. Yoav
- [TLS] This working group has failed Watson Ladd
- [TLS] Deployment ... Re: This working group has f… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Taylor Hornby
- Re: [TLS] This working group has failed SM
- Re: [TLS] This working group has failed Ralph Holz
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Yoav Nir
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] This working group has failed Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Mark Nottingham
- Re: [TLS] Deployment ... Re: This working group h… Kyle Hamilton
- Re: [TLS] Deployment ... Re: This working group h… Juho Vähä-Herttua
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Andrei Popov
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Geoffrey Keating
- Re: [TLS] Deployment ... Re: This working group h… Michael Staubermann
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Joshua Davies
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Kirils Solovjovs
- Re: [TLS] Deployment ... Re: This working group h… Andy Wilson
- Re: [TLS] Deployment ... Re: This working group h… Marsh Ray
- Re: [TLS] Deployment ... Re: This working group h… Ralf Skyper Kaiser
- Re: [TLS] Deployment ... Re: This working group h… Ben Laurie
- [TLS] TLS protocol version intolerance [Was: Re: … Ivan Ristić
- Re: [TLS] Deployment ... Re: This working group h… Zooko Wilcox-OHearn
- Re: [TLS] TLS protocol version intolerance [Was: … Michael Sweet
- Re: [TLS] TLS protocol version intolerance [Was: … Eric Rescorla
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- [TLS] multiple clients in one process (was: Re: D… Patrick Pelletier
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski
- Re: [TLS] multiple clients in one process (was: R… Daniel Kahn Gillmor
- Re: [TLS] multiple clients in one process (was: R… Nico Williams
- Re: [TLS] multiple clients in one process (was: R… Nikos Mavrogiannopoulos
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski