Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
Brian Smith <brian@briansmith.org> Thu, 16 October 2014 20:03 UTC
Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1B161A88CF for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 13:03:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.321
X-Spam-Level:
X-Spam-Status: No, score=0.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, MANGLED_LOW=2.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JkOI-bhhuYku for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 13:03:13 -0700 (PDT)
Received: from mail-oi0-f47.google.com (mail-oi0-f47.google.com [209.85.218.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3FD21A88C8 for <tls@ietf.org>; Thu, 16 Oct 2014 13:03:12 -0700 (PDT)
Received: by mail-oi0-f47.google.com with SMTP id a141so3270484oig.34 for <tls@ietf.org>; Thu, 16 Oct 2014 13:03:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=+KECksSBjoYZ2fNpABwJVDS0VkIKsCfYE30fJMpi2vA=; b=UOYMa/cRWkhjuKE3uY9WNOgxz0QHZV8P7BXKC7SdqvdGpsAZ0jFBQ2pVkc14mTLOMr 7QwBQJRxHLtC2mRuteKHAAJELqhJ16X4tiS9BdTUUDLmO1sBu5d7oZWfg6J/BwqM3TWE M1p5+Zsg2p96T9veZtkeBn6qUVSkLzfTpIJh5rKpNFDPWLHPyaCRJn1aa5+w+9gKQOjo FzjzcHXFaEpmA0Rzo4WBppEgY00pKxzpKOnl/K8FOIQqrXxNMID6Qq0ubuHuOgIkq/hC Jjm86GMauPRXG2n5VLqZE+ZnZwMe9G9D+ZCkO/idqWjVUm3+HQjivUbchUpPZwiRU6Ev q22w==
X-Gm-Message-State: ALoCoQkLT4AstCRvh6oITPw93ZOWNnusfVJKw0W2cSZKsYYxokx+cUXNuEuZJxsmujp3pOJyfSUl
MIME-Version: 1.0
X-Received: by 10.60.132.102 with SMTP id ot6mr2892544oeb.62.1413489792405; Thu, 16 Oct 2014 13:03:12 -0700 (PDT)
Received: by 10.76.93.9 with HTTP; Thu, 16 Oct 2014 13:03:12 -0700 (PDT)
In-Reply-To: <CADMpkcJmvZ7Zra9TJ9usnmcgYPnsKaykwOuXEFbDATT=qgWEAg@mail.gmail.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <CAFewVt77caT8kDPyKhT3Bqn5T+uRKA79n_F24VGnd+abMe6=zA@mail.gmail.com> <CADMpkcJmvZ7Zra9TJ9usnmcgYPnsKaykwOuXEFbDATT=qgWEAg@mail.gmail.com>
Date: Thu, 16 Oct 2014 13:03:12 -0700
Message-ID: <CAFewVt4fDxTk2hFXohxcj5wq62nv2qvxrkoP3aCpw7HpEnMOGQ@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Bodo Moeller <bmoeller@acm.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/IEOIp1U7XYO8dY9jg9ChQOpOJis
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 20:03:14 -0000
On Thu, Oct 16, 2014 at 6:36 AM, Bodo Moeller <bmoeller@acm.org> wrote: > Brian Smith <brian@briansmith.org>: > >> It seems like the draft should also advise clients that they MUST NOT >> do the False Start optimization if the server does not choose the >> maximum version of TLS that they support. For example, if the server >> chooses a version less than ClientHello.client_version, or if the >> client sent the TLS_FALLBACK_SCSV, then the client MUST NOT false >> start. Currently the draft says nothing about this. Because of False >> Start, there are several downgrades that are still possible even with >> the current downgrade-SCSV-enabled Chrome and Firefox, for example. > > This isn't specific to fallback retries and certainly not to the > TLS_FALLBACK_SCSV mechanism (it's exactly the same with the standard > mechanism for protocol version negotiation), so I think an updated version > of the False Start specification would be the right place to set any strict > requirements for this. However, it would make sense to *mention* and discuss > this aspect in the TLS_FALLBACK_SCSV document (non-normatively). If version downgrades during False Start are to be tolerated, then at a minimum the security considerations of this draft must point out that the mechanism is simple to subvert (partially, at least) when False Start is used. > [As for the specifics, while I think this isn't really for the > TLS_FALLBACK_SCSV specification to define, allowing False Start only with > the *one* most recent protocol version appears too strict. Specifically, > while deployment of a new protocol version is underway, clients may want to > use False Start both with this new version and with the previous version -- > why downgrade the overall experience for those who enable the latest > protocol version?] My point is that, because the clients that do the non-secure fallback are also doing false start, without some version negotiation restrictions for false start, the server still has no control over the minimum version of TLS that will be used, even if they implement the downgrade SCSV as specified. Right now it isn't a known emergency because browsers (at least Firefox and Chrome) don't allow a MitM to downgrade a connection to SSL 3.0 during false start. However, what if the server administrator wants to be more cautious than browsers are? It is true that, as the TLS 1.3 draft is currently written, browsers will have to do non-secure fallback to TLS 1.2 often when they enable TLS 1.3. I agree, given that current situation, that that is something that should be allowed. But, I disagree that it should be allowed to let a MitM downgrade a connection all the way to TLS 1.0 w/ the False Start mechanism, especially when the server has implemented the downgrade SCSV in an attempt to prevent that. >> In summary, the way it is defined, the downgrade SCSV is only helpful >> in preventing a limit number of unspecified downgrade attacks when >> used in conjunction with False Start. Also, the draft is based on the >> premise that preventing version downgrade is useful for preventing >> some cryptographic attacks, but it does not substantiate that. POODLE >> and BEAST are evidence that the mechanism helps for some attacks. But, >> is this mechanism actually effective for preventing any other class of >> attacks, other than TLS 1.1 -> TLS 1.0 -> SSL 3.0 downgrade for CBC >> cipher suites? The answer to this should be in the security >> considerations. > > Well, what makes the TLS_FALLBACK_SCSV mechanism particularly valuable is > that it can help protect you from attacks that no one is aware of yet. So > enumerating concrete attacks sort of would be missing the point: > TLS_FALLBACK_SCSV is mainly about those vulnerabilities that we *can't* list > there yet. I can tell you *now* how you would have benefited from supporting > TLS_FALLBACK_SCSV half a year ago. Besides POODLE and BEAST? I do think it would be good to see some more examples. Anyway, I'm not asking you to enumerate every possible attack that is prevented with this mechanism. I'm asking for the downgrade SCSV mechanism to be improved to prevent more attacks, or at least for the limitations of the dowgrade SCSV mechanism to be documented more clearly. > That said, the question whether the mechanism has relevance for weaknesses > other than those found in CBC cipher suites can be answered in the > affirmative. For example, if clients fall back to SSL 3.0 without TLS > extensions, they can't use ECDHE and thus may lose forward security. No. When false start is allowed for RSA key exchange, the initial HTTP request (including auth credentials), even if both sides implement the downgrade SCSV correctly, an attacker can still force the client to send the initial HTTP requests (with auth credentials) using a version of its choosing and using RSA key exchange. In Chrome and Firefox, the downgrade to RSA is prevented by their False Start policies, not by the downgrade SCSV. My point is that, without adding some restrictions on False Start, the downgrade SCSV mechainsm is useless against any attack that would succeed by being able to control what the client sends in its initial application data. (Note that POODLE isn't such an attack, because it only succeeds by being able to control what the server will decrypt, not just what the client sends.) Again, to be clear, I am not saving the downgrade SCSV is bad. I'm saying it is surprising that the downgrade SCSV doesn't prevent version downgrades, and that should be fixed. Cheers, Brian
- [TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Fabrice
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Hanno Böck
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Hanno Böck
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Tom Ritter
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Fahima Ahmed Khan Etha
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Henrik Grubbström
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Peter Gutmann
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: W… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Jeffrey Walton
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Marsh Ray
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Yuhong Bao
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Salz, Rich
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Marsh Ray
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Rob Stradling
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Ilari Liusvaara
- Re: [TLS] Working Group Last Call for draft-ietf-… Bill Frantz
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller