Re: [TLS] Third Option?

Marsh Ray <marsh@extendedsubset.com> Thu, 17 December 2009 05:13 UTC

Message-ID: <4B29BDE7.4020305@extendedsubset.com>
Date: Wed, 16 Dec 2009 23:13:11 -0600
From: Marsh Ray <marsh@extendedsubset.com>
To: David-Sarah Hopwood <david-sarah@jacaranda.org>, "tls@ietf.org" <tls@ietf.org>
References: <3561bdcc0912161417j6cdcfe59l1be2131c9ec27da0@mail.gmail.com> <4B296275.8010108@extendedsubset.com> <4B29A4A4.1090106@jacaranda.org>
In-Reply-To: <4B29A4A4.1090106@jacaranda.org>
Subject: Re: [TLS] Third Option?

David-Sarah Hopwood wrote:
> Marsh Ray wrote:
>> In short, everyone* needs to patch and disable compatible/insecure mode
>> as soon as is practical.
>>
>> *Except those who can prove that their endpoint cannot renegotiate and
>> will never be willing to talk to a server that can possibly renegotiate.
> 
> No, even those.
> 
> If any server does not patch, it will soon fail to be interoperable with
> clients that require patched servers.

Good point. But they would not be insecure, just non-interoperable.
Which is probably better than being insecure in the long run.

So every interoperable system just has to patch, which is basically
all of them.

It's simply not practical to offer guidelines for who doesn't need to patch.

- Marsh
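The question in this exchange is which endpoints have "patched", that is, which ones signal secure renegotiation in the handshake. The following is an added example, not code from the thread or from any TLS implementation: it parses an initial-handshake ServerHello and reports whether the server sent the renegotiation_info extension (type 0xff01, as defined in RFC 5746; on an initial handshake its renegotiated_connection field is empty, so the extension body is a single zero length byte). The ServerHello bytes it checks are constructed inside the block by a small builder, so it runs offline; a malformed or truncated message raises ValueError rather than being reported as an unpatched peer.

```python
"""Check an initial-handshake TLS ServerHello for renegotiation_info (RFC 5746).

Added example for the TLS list discussion above; not code from the thread.
Assumes RFC 5746 signalling (extension type 0xff01, empty on an initial
handshake). The sample ServerHello messages are constructed here as fixtures.
"""
import struct

RENEGOTIATION_INFO = 0xFF01   # RFC 5746 extension type
HANDSHAKE = 0x16              # TLS record content type
SERVER_HELLO = 0x02           # handshake message type


def build_server_hello(cipher_suite, extensions, version=0x0303):
    """Construct a ServerHello handshake record (test fixture, not a real server)."""
    body = struct.pack("!H", version)
    body += b"\x11" * 32                      # server random, constant in the fixture
    body += b"\x00"                           # empty session id
    body += struct.pack("!H", cipher_suite)
    body += b"\x00"                           # null compression
    if extensions:
        ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + struct.pack("!HH", version, len(hs)) + hs


def _take(buf, pos, n):
    """Return buf[pos:pos+n] or raise ValueError if the buffer is too short."""
    if pos + n > len(buf):
        raise ValueError("truncated ServerHello")
    return buf[pos:pos + n]


def parse_server_hello(record):
    """Return (cipher_suite, {ext_type: ext_data}) from a ServerHello record.

    Raises ValueError on truncation or the wrong message type, so a malformed
    message is never mistaken for an unpatched peer.
    """
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("not a complete ServerHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                                    # version + random
    sid_len = _take(body, pos, 1)[0]
    pos += 1 + sid_len                              # skip session id
    cipher_suite = struct.unpack("!H", _take(body, pos, 2))[0]
    pos += 2 + 1                                    # suite + compression method
    exts = {}
    if pos < len(body):                             # extensions are optional
        ext_len = struct.unpack("!H", _take(body, pos, 2))[0]
        pos += 2
        end = pos + ext_len
        if end != len(body):
            raise ValueError("extensions length does not match body")
        while pos < end:
            etype, elen = struct.unpack("!HH", _take(body, pos, 4))
            pos += 4
            exts[etype] = _take(body, pos, elen)
            pos += elen
    return cipher_suite, exts


def server_secure_renegotiation(record):
    """Classify an initial-handshake ServerHello as 'patched', 'unpatched' or 'invalid'.

    A patched server sends renegotiation_info with an empty renegotiated_connection,
    which on the wire is the single length byte 0x00. Any other body is invalid
    on an initial handshake.
    """
    _, exts = parse_server_hello(record)
    if RENEGOTIATION_INFO not in exts:
        return "unpatched"
    return "patched" if exts[RENEGOTIATION_INFO] == b"\x00" else "invalid"


if __name__ == "__main__":
    # Constructed fixtures: a server that signals RFC 5746 and one that does not.
    patched = build_server_hello(0x002F, [(RENEGOTIATION_INFO, b"\x00")])
    unpatched = build_server_hello(0x002F, [])
    print("with renegotiation_info:", server_secure_renegotiation(patched))
    print("without extension:      ", server_secure_renegotiation(unpatched))
```

The same classification applies to a live connection once the ServerHello record has been read off the socket; the builder exists only so the check can be exercised without a network. Note that a server answering "unpatched" here is exactly the kind of endpoint the thread says will soon stop interoperating with clients that require the extension.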