Re: [TLS] Next steps for draft-agl-tls-padding

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 08 April 2014 15:48 UTC

Message-ID: <53441A51.2080800@fifthhorseman.net>
Date: Tue, 08 Apr 2014 11:48:33 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>, Martin Thomson <martin.thomson@gmail.com>
References: <cf049a7104934cc7a4bddced33cd00a2@BL2PR03MB419.namprd03.prod.outlook.com> <20140107201722.ECDA01AB93@ld9781.wdf.sap.corp> <CAL9PXLzawuetexEvU5PECUwuuiLvq5T0bxnhiky3cevQpetjNQ@mail.gmail.com> <CABcZeBNMAB40p+zxTGh354MCtEu+TbikS4w=C0SDyHNCdu=djw@mail.gmail.com> <CAK6vND_4umziyfG=XWe37tUmv=ahVP08jFX+YrgaSG+_THFWUA@mail.gmail.com> <5341EFA4.7070808@brainhub.org> <CABkgnnXMHTW2cfeFgYoO1Ui_PgBeDgMMaG+hco7MXi5qnEHD+g@mail.gmail.com> <CACsn0cnzMs9t0bDii+JxnBOs43rG6Hhs=F4kHP27S32s4X=Vxw@mail.gmail.com>
In-Reply-To: <CACsn0cnzMs9t0bDii+JxnBOs43rG6Hhs=F4kHP27S32s4X=Vxw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="wP7gTh5pkdabgSdVGSCfOEAvbbLdnk0eM"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/JrL8yDMg8vto-fkLU2DfPMnAjyg
Cc: tls@ietf.org
Subject: Re: [TLS] Next steps for draft-agl-tls-padding
Precedence: list

On 04/07/2014 01:40 PM, Watson Ladd wrote:
> I read the F5 explaination. It's worth keeping it around so in the future,
> when tempted to upgrade a binary protocol we ask the guy proposing the
> upgrade how to distinguish old and new.
> 
> In particular,  tossing it down the memory hole out of misguided
> professional courtesy would probably mean making the same mistake in the
> future.
> 
> In particular treating this extension's proper use as something to be
> passed on by word of mouth hurts new implementors who don't know the magic
> number. Embarrassment for F5 is nowhere near as serious.

I agree with Watson here.  Including some variant of Xiaoyong Wu's
explanation [0] in the padding draft would be useful for future
implementers.  The global network *does* still have SSLv2 endpoints on
it, and they connect to and listen on ports that SSLv3/TLSv1.{0,1,2}
peers also use.

I think Xiaoyong and F5 have done us all a favor by making this
situation clear.  This shouldn't be considered an embarrassment for them.

	--dkg

[0] https://www.ietf.org/mail-archive/web/tls/current/msg10423.html

Attachment: signature.asc

[TLS] Next steps for draft-agl-tls-padding Eric Rescorla
Re: [TLS] Next steps for draft-agl-tls-padding Russ Housley
Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
Re: [TLS] Next steps for draft-agl-tls-padding Daniel Kahn Gillmor
Re: [TLS] Next steps for draft-agl-tls-padding Andrei Popov
Re: [TLS] Next steps for draft-agl-tls-padding Martin Rex
Re: [TLS] Next steps for draft-agl-tls-padding Adam Langley
Re: [TLS] Next steps for draft-agl-tls-padding Eric Rescorla
Re: [TLS] Next steps for draft-agl-tls-padding Peter Bowen
Re: [TLS] Next steps for draft-agl-tls-padding Peter Gutmann
Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
Re: [TLS] Next steps for draft-agl-tls-padding Ilari Liusvaara
Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
Re: [TLS] Next steps for draft-agl-tls-padding Ilari Liusvaara
Re: [TLS] Next steps for draft-agl-tls-padding Andrey Jivsov
Re: [TLS] Next steps for draft-agl-tls-padding Martin Thomson
Re: [TLS] Next steps for draft-agl-tls-padding Manuel Pégourié-Gonnard
Re: [TLS] Next steps for draft-agl-tls-padding Watson Ladd
Re: [TLS] Next steps for draft-agl-tls-padding Andrey Jivsov
Re: [TLS] Next steps for draft-agl-tls-padding Daniel Kahn Gillmor
Re: [TLS] Next steps for draft-agl-tls-padding Peter Bowen

Re: [TLS] Next steps for draft-agl-tls-padding

Attachment: signature.asc