Re: [TLS] AES and SSLv3 (was Re: Unfortunate current practices for HTTP
Marsh Ray <marsh@extendedsubset.com> Wed, 19 January 2011 20:21 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 94A6D3A7014 for <tls@core3.amsl.com>; Wed, 19 Jan 2011 12:21:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.573
X-Spam-Level:
X-Spam-Status: No, score=-2.573 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0lmx9z-LINj8 for <tls@core3.amsl.com>; Wed, 19 Jan 2011 12:21:11 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id B253A3A6F18 for <tls@ietf.org>; Wed, 19 Jan 2011 12:21:11 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from <marsh@extendedsubset.com>) id 1PfeZM-0009n2-9X; Wed, 19 Jan 2011 20:23:52 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 9EF73603D; Wed, 19 Jan 2011 20:23:50 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX182s1a51T0qEgAYoA3/NMrZLNE0qTgghgA=
Message-ID: <4D374855.20207@extendedsubset.com>
Date: Wed, 19 Jan 2011 14:23:49 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
MIME-Version: 1.0
To: mrex@sap.com
References: <201101191907.p0JJ723Z018557@fs4113.wdf.sap.corp>
In-Reply-To: <201101191907.p0JJ723Z018557@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] AES and SSLv3 (was Re: Unfortunate current practices for HTTP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jan 2011 20:21:12 -0000
On 01/19/2011 01:07 PM, Martin Rex wrote: > > If cipher suites had ever been conceived to be > protocol-version-specific, they would have partitioned the > cipher suite code points. > > Quite obviously, the cipher suite registry was _NOT_ partitioned > for TLSv1.0. cipher suites were issued with no distinction whatsoever, > so they were clearly meant to apply in a protocol-version-independent > fashion, forwards and backwards. +1 We have to keep in mind that SSLv3 is deprecated abandon-ware, but this premise "AES ciphers are not valid choices for SSLv3" is wrong. If the client proposes advertises a range of protocol versions and the server picks a value from that range, and if the client proposes a set of ciphersuites and the server picks a ciphersuite from that set, then interoperability should ensue. Note the similarity with the servers that fail to handshake with clients who propose extensions. "SSLv3 does not allow extensions" was the justification given that time. SSL/TLS is an extensible protocol, just because some options weren't defined at the time of the core protocol version doesn't mean they're invalid to use. The handshake negotiation was designed to allow this. The problem is that the client is in some sort of "fall back to SSLv3" heuristic mode. The reason clients are forced to do that is the occasional presence of poorly interoperating servers. The root cause is thus the poorly interoperating servers. They are the stratospheric chlorofluorocarbons catalyzing away the ozone. They do damage to the ecosystem with a large multiplier effect. The only solution is to relentlessly pursue interoperability and be diligent about providing updates. - Marsh
- [TLS] Unfortunate current practices for HTTP over… Adam Langley
- Re: [TLS] Unfortunate current practices for HTTP … Martin Rex
- Re: [TLS] Unfortunate current practices for HTTP … Michael D'Errico
- Re: [TLS] Unfortunate current practices for HTTP … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Unfortunate current practices for HTTP … Yngve N. Pettersen (Developer Opera Software ASA)
- [TLS] AES and SSLv3 (was Re: Unfortunate current … Michael D'Errico
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Wan-Teh Chang
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Tim Dierks
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Tim Dierks
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Marsh Ray
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Wan-Teh Chang
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex