Re: [TLS] Deprecating SSLv3

Yoav Nir <> Mon, 24 November 2014 22:29 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 808E21A86E6 for <>; Mon, 24 Nov 2014 14:29:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7vRHSyvPxZVU for <>; Mon, 24 Nov 2014 14:29:45 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 864FB1A7D80 for <>; Mon, 24 Nov 2014 14:29:45 -0800 (PST)
Received: by with SMTP id l15so7268575wiw.14 for <>; Mon, 24 Nov 2014 14:29:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LEz/pacdl9w1u3DA25uT6Dp7mZJYn0X7DWk7kdJaLe0=; b=THwyhFeEVGlrR3OJJk75FsxGpmyDp0cz0UE+og+EwMLiTlRv2Dxgv7wkLnP4k6xOqU 8MSUVbyzQh+222uds48K06JU6YgY7NR5AMLMuEhMwgEogLqm3UabfrW5BqgyVWrlJLeN Z0hauYTGoeSQqQPSNZF3Qaz05cFZr69XRJt373yulzkJ+2i6v4LSpn8+IRsZVoEN7ww1 yVoL6YCmmabkGJS5mV+qswxQ/ME1Jl2eP0z2KU+6MOL7DIHkUss9MhF3nfwK090+Fgcn XuzYCWwdaAv8FMM3kZpgeMwpQEGriBYxEHsvRGeT4BoDf/V4bRy0tq3Mr6L7UPK0rXpI Md7g==
X-Received: by with SMTP id v9mr37714715wjw.24.1416868184303; Mon, 24 Nov 2014 14:29:44 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id hs1sm13900082wib.1.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 24 Nov 2014 14:29:43 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Yoav Nir <>
In-Reply-To: <20141124213052.GR3200@localhost>
Date: Tue, 25 Nov 2014 00:29:41 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <20141124213052.GR3200@localhost>
To: Nico Williams <>
X-Mailer: Apple Mail (2.1993)
Subject: Re: [TLS] Deprecating SSLv3
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 24 Nov 2014 22:29:47 -0000

> On Nov 24, 2014, at 11:30 PM, Nico Williams <> wrote:
> ]
> To be fair to Martin R., I suspect he's not objecting to this, so much
> as to the use of bearer tokens in the first place, 

I don’t know about Martin, but the thing that bothers me most about cookies is not that they’re bearer tokens or that they’re a lucrative target for attacks, but the fact that they can freely be used by attackers.

CRIME, BEAST, POODLE, they all depend on my browser going to, and then a script loaded from that site running on the browser, sending requests to Facebook and google and the like with *my* cookies. For some reason these requests are treated as if they come from *me* rather than the attacker. They call it CSRF, but it’s not really forgery. It’s just the way the web is built.

If I had to choose between “new cookie” that is not a bearer token but is somehow bound to session or origin and a “new cookie” that is scoped so that only scripts loaded from * can use my cookie while other scripts send unauthenticated requests, I’d choose the scoping.