Re: [TLS] Updated draft

"Robert Dugal" <> Fri, 18 December 2009 15:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1209A3A69E4 for <>; Fri, 18 Dec 2009 07:09:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.203
X-Spam-Status: No, score=-5.203 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pVYOeaqsS2iH for <>; Fri, 18 Dec 2009 07:09:53 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 10DFE3A6892 for <>; Fri, 18 Dec 2009 07:09:52 -0800 (PST)
X-AuditID: 0a666446-b7ba5ae000003caa-db-4b2b9b311396
Received: from ( []) by (RIM Mail) with SMTP id 9B.B8.15530.13B9B2B4; Fri, 18 Dec 2009 10:09:37 -0500 (EST)
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.3959); Fri, 18 Dec 2009 10:09:37 -0500
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
content-transfer-encoding: quoted-printable
Date: Fri, 18 Dec 2009 10:08:40 -0500
Message-ID: <>
In-Reply-To: <>
Thread-Topic: [TLS] Updated draft
Thread-Index: Acp/8EiPYmlbD/SsTFOnZJb6oXwtvQAAnSUQ
References: <> <> <> <>
From: Robert Dugal <>
To: TLS Mailing List <>
X-OriginalArrivalTime: 18 Dec 2009 15:09:37.0262 (UTC) FILETIME=[1D3AC8E0:01CA7FF4]
X-Brightmail-Tracker: AAAAAQAAAZE=
Subject: Re: [TLS] Updated draft
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Dec 2009 15:09:54 -0000

Oops, you're right. I misstated what I'd like the draft to allow.
What I'd like is the option to always send the SCSV in the ClientHello and on renegotiation requests send the SCSV + RI extension in the ClientHello.

Robert Dugal		Senior Software Developer
Certicom Corp.		A Subsidiary of Research In Motion
direct        905.501.3848
fax             905.507.4230

-----Original Message-----
From: Marsh Ray [] 
Sent: Friday, December 18, 2009 9:42 AM
To: Robert Dugal
Cc: TLS Mailing List
Subject: Re: [TLS] Updated draft

Robert Dugal wrote:
> I would also like to see that change in the draft. 
> To increase interoperability with existing servers I would like the option to send SCSV 
> in the initial ClientHello and only send the TLS extension in renegotiation handshakes.

Isn't that how it's worded now?

> This will make it easier for applications as they won't have to make a decision as to 
> whether the server is TLS extension intolerant.

If I were writing a new app that wasn't intended to be the most widely
used web browser in the world, I wouldn't bother with the SCSV at all.

Otherwise, just send it every time instead of an empty RI extension.

- Marsh

This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.