Re: [TLS] TLS 1.3 Problem?

Richard Barnes <rlb@ipv.sx> Mon, 28 September 2020 04:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KIYocV9KeSwgDJ8_efdo8Wn0U50>

The client is expected to adapt its behavior based on the negotiated
version indicated in the ServerHello.  If the server selects TLS 1.2, for
example, then the client behaves as specified in RFC 5246.  This is no
different from previous versions of TLS.

--Richard

On Sun, Sep 27, 2020 at 10:29 PM Michael D'Errico <mike-list@pobox.com>
wrote:

> On Sun, Sep 27, 2020, at 16:53, Ben Smyth wrote:
> > The client will reject the server's ServerHello in your example.
>
> OK, so all eggs in one basket?  I'm afraid to keep reading....
>
> Mike
>
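
An added example, not part of this message or the thread: a sketch of how a client that offered TLS 1.3 reads the negotiated version out of a ServerHello and then branches on it. It relies on RFC 8446 (the supported_versions extension and the downgrade sentinel in ServerHello.random); the function names and the sample messages are constructed for illustration.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43
# RFC 8446 section 4.1.3: sentinels a TLS 1.3 server puts in the last 8 bytes
# of ServerHello.random when it negotiates TLS 1.2 / TLS 1.1 or below.
DOWNGRADE_SENTINELS = (b"DOWNGRD\x01", b"DOWNGRD\x00")


def negotiated_version(body: bytes) -> int:
    """Version selected in a ServerHello body (4-byte handshake header removed)."""
    (legacy_version,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + body[pos]              # session id (length-prefixed)
    pos += 2 + 1                      # cipher_suite + compression_method
    if pos == len(body):              # pre-1.3 ServerHello may omit extensions
        return legacy_version
    (ext_total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if pos + ext_total != len(body):
        raise ValueError("malformed extensions block")
    while pos < len(body):
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > len(body):
            raise ValueError("extension overruns message")
        if ext_type == EXT_SUPPORTED_VERSIONS:
            if ext_len != 2:
                raise ValueError("bad supported_versions length")
            return struct.unpack_from("!H", body, pos)[0]
        pos += ext_len
    return legacy_version             # no supported_versions: TLS 1.2 or below


def client_select_version(body: bytes) -> int:
    """What a client that offered TLS 1.3 does with the ServerHello version."""
    version = negotiated_version(body)
    if version < TLS13 and body[2:34][-8:] in DOWNGRADE_SENTINELS:
        raise ValueError("downgrade sentinel seen: abort with illegal_parameter")
    return version


def build_server_hello(random: bytes, extensions: bytes = b"") -> bytes:
    """Constructed sample ServerHello body; the suite value 0x1301 is arbitrary."""
    body = struct.pack("!H", TLS12) + random + b"\x00" + b"\x13\x01" + b"\x00"
    tail = struct.pack("!H", len(extensions)) + extensions if extensions else b""
    return body + tail
```

A return value of 0x0303 is the case described in the message: the client continues as specified in RFC 5246.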