Re: [TLS] Third Option?

Kyle Hamilton <aerowolf@gmail.com> Thu, 17 December 2009 20:43 UTC

In-Reply-To: <4B29A4A4.1090106@jacaranda.org>
References: <3561bdcc0912161417j6cdcfe59l1be2131c9ec27da0@mail.gmail.com> <4B296275.8010108@extendedsubset.com> <4B29A4A4.1090106@jacaranda.org>
Date: Thu, 17 Dec 2009 12:42:45 -0800
Message-ID: <6b9359640912171242j73857862n132649c45a25e9d7@mail.gmail.com>
From: Kyle Hamilton <aerowolf@gmail.com>
To: David-Sarah Hopwood <david-sarah@jacaranda.org>
Content-Type: text/plain; charset="UTF-8"
Cc: tls@ietf.org
Subject: Re: [TLS] Third Option?

On Wed, Dec 16, 2009 at 7:25 PM, David-Sarah Hopwood
<david-sarah@jacaranda.org> wrote:
>> In short, everyone* needs to patch and disable compatible/insecure mode
>> as soon as is practical.
>>
>> *Except those who can prove that their endpoint cannot renegotiate and
>> will never be willing to talk to a server that can possibly renegotiate.
>
> No, even those.
>
> If any server does not patch, it will soon fail to be interoperable with
> clients that require patched servers.

And if the patches to the server include patches that are not desired
by the entity running the server?  The only option then is to divert
incredible amounts of resources (especially to a tiny operation --
remember, small business accounts for 80% of economic growth in the
United States, according to the Small Business Administration) to
changing to a different server, with different code and interface
requirements.

-Kyle H