Re: [TLS] SCSV vs RI when both specified. Was: Updated draft

"Blumenthal, Uri - 0662 - MITLL" <> Tue, 22 December 2009 04:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3FE583A67A8 for <>; Mon, 21 Dec 2009 20:50:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id evkgEaE5Z2Pk for <>; Mon, 21 Dec 2009 20:50:25 -0800 (PST)
Received: from (LLMAIL1.LL.MIT.EDU []) by (Postfix) with ESMTP id 477863A69A0 for <>; Mon, 21 Dec 2009 20:50:25 -0800 (PST)
Received: (from smtp@localhost) by (8.12.10/8.8.8) id nBM4o7YY017652 for <>; Mon, 21 Dec 2009 23:50:07 -0500 (EST)
Received: from ), claiming to be "" via SMTP by llpost, id smtpdAAAtBaq2F; Mon Dec 21 23:45:10 2009
Received: from ([ ]) by ([ ]) with mapi; Mon, 21 Dec 2009 23:45:10 -0500
From: "Blumenthal, Uri - 0662 - MITLL" <>
To: "''" <>
Date: Mon, 21 Dec 2009 23:45:10 -0500
Thread-Topic: [TLS] SCSV vs RI when both specified. Was: Updated draft
Thread-Index: AcqCWqP/QuwhCp6SRzqJOmVfUsOLZQAZubFl
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Subject: Re: [TLS] SCSV vs RI when both specified. Was: Updated draft
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 22 Dec 2009 04:50:26 -0000

Is this why soldiers in the field switch off their accredited certified secure comm gear (which won't talk when things look the least bit funny?) and turn to cell phones? As for them the need to communicate usually does NOT take a back seat.

We are talking hypothetically of course rather than about this particular TLS decision, which might well be the right choice.

----- Original Message -----
From: Marsh Ray <>
To: Blumenthal, Uri - 0662 - MITLL
Cc: '' <>
Sent: Mon Dec 21 11:28:29 2009
Subject: Re: [TLS] SCSV vs RI when both specified. Was: Updated draft

Blumenthal, Uri - 0662 - MITLL wrote:
> The only purpose of any protocol is to allow entities to communicate
> (under a given set of constraints). Thus every effort SHOULD be
> invested to provide this capability whenever possible.

TLS is a cryptographic data security protocol.

"Allowing entities to communicate" takes a back seat to the primary goal
of preventing unauthorized communication.

> If the
> protocol spec demands aborting connection, it better have a damn good
> reason to do so - and more substantive than "some Steve decided it
> doesn't really matter to him if the peers connect or not".

How about "remote endpoint doesn't pass the bozo test"?

> Personal curiosity - what kind of work do you do? (Feel free to
> answer in a private email or to ignore altogether.)

I do software development (and security research) work on PhoneFactor, a
product/service for doing two-factor authentication with ordinary phones.

> I'm shocked that nobody else seems to pick on this. Is it that
> mid-weekend thing, or am I the only one who cares whether the peer
> would establish or refuse connection?!

Yes, I care greatly that the peer refuses any connection that looks the
least bit funny.

- Marsh