Re: [TLS] One approach to rollback protection

Nico Williams <nico@cryptonector.com> Tue, 27 September 2011 00:10 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A37221F8C78 for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 17:10:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.63
X-Spam-Level:
X-Spam-Status: No, score=-2.63 tagged_above=-999 required=5 tests=[AWL=-0.653, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vjGcBiQpgx9p for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 17:10:38 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (caiajhbdcbhh.dreamhost.com [208.97.132.177]) by ietfa.amsl.com (Postfix) with ESMTP id B480821F8C6A for <tls@ietf.org>; Mon, 26 Sep 2011 17:10:38 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTP id A0B306B0079 for <tls@ietf.org>; Mon, 26 Sep 2011 17:13:22 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=xoTr2W4iZEP0elC1oZ965 tPmdkzxJrG4/s7T1kRtUkcfQKizrkeg20My3nXDSe4HP0hatNmX3PYv/tYK2Aqzv fwr/uItkS6VqG8lTK8i3PKbp4dMwzBQcio6BJRx3vF5y/XIZFuKEmzaGwvDW0Dik rIoajVeJH56Utzq1T7fdtM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=TlJcRpzx/PfOv0u6qfUA xjRhhk4=; b=FHWgTCcKfhyj5W+3wFf2IgDbAhPPhMZwW1pFYNLu/FvaUg5/4Yok 8va1vs46x2CmLotkqPRXm1tsuldo2loRKyvdKU5cNu/0pWhUQxMhnB24SnMUv/Gz FmoEdaVZq4YOdMhKW5Z2Xbiy9CyGnFlUtMDDYZBHsDD3aOYS4GOMgNM=
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTPSA id 831316B0059 for <tls@ietf.org>; Mon, 26 Sep 2011 17:13:22 -0700 (PDT)
Received: by gyd12 with SMTP id 12so5812573gyd.31 for <tls@ietf.org>; Mon, 26 Sep 2011 17:13:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.56.225 with SMTP id d1mr33375225pbq.109.1317082401729; Mon, 26 Sep 2011 17:13:21 -0700 (PDT)
Received: by 10.68.71.138 with HTTP; Mon, 26 Sep 2011 17:13:21 -0700 (PDT)
In-Reply-To: <CABcZeBOv=P3ody+0buFEtb=384D+vfdGnEAzFYgde9HZrReiWA@mail.gmail.com>
References: <CABcZeBNFtVBh7a=j4LE73Q0c-W8KGe4aKNBVZam1qOZr=aRaRQ@mail.gmail.com> <CABcZeBOv=P3ody+0buFEtb=384D+vfdGnEAzFYgde9HZrReiWA@mail.gmail.com>
Date: Mon, 26 Sep 2011 19:13:21 -0500
Message-ID: <CAK3OfOh8ygCjbCzwDpqKrSDdZ=nMaAxt_i49-paDnpeMCfU3aQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset=UTF-8
Cc: tls@ietf.org
Subject: Re: [TLS] One approach to rollback protection
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 00:10:39 -0000

On Mon, Sep 26, 2011 at 6:53 PM, Eric Rescorla <ekr@rtfm.com>; wrote:
> P.S. Yes, I know this is a big stinking hack.

So what, we've done the same sort of thing in SSHv2.  I say go for it.

Nico
--