Re: [TLS] checking on an scsv point

Martin Thomson <martin.thomson@gmail.com> Wed, 18 February 2015 00:36 UTC

In-Reply-To: <20150218001606.735991B1B1@ld9781.wdf.sap.corp>
References: <CALuAYvYZut20D=73f58RL+mykR_r5kQAqYKeoubH2i6dipDrAw@mail.gmail.com> <20150218001606.735991B1B1@ld9781.wdf.sap.corp>
Date: Wed, 18 Feb 2015 11:36:17 +1100
Message-ID: <CABkgnnX2TCAJuGM6oNtp0fhiq=7GSUX_-UOcEfugPj6JbpbFGA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "mrex@sap.com" <mrex@sap.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/MjUKWyv_kHunpkGKQ7u-9ZcX7cU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] checking on an scsv point

On 18 February 2015 at 11:16, Martin Rex <mrex@sap.com> wrote:
>> Yes, this will break (probably most) early adopters,
>
> In which way does it "break" early adopters?

I suspect that not generating the alert will cause early adopters to
fall back more.  If a long series of fallbacks resets any fallback
state before failing completely (like Firefox), then that's not a
terminal condition.  In fact, it produces the same net result, albeit
more slowly, for those.  Not sure about other implementations though.

David's concern about burying the original reason doesn't bother me
much, but it does apply.