RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)
<Pasi.Eronen@nokia.com> Tue, 06 March 2007 12:12 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOYWZ-0001bB-DT; Tue, 06 Mar 2007 07:12:11 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOYWY-0001b4-0a for tls@ietf.org; Tue, 06 Mar 2007 07:12:10 -0500
Received: from smtp.nokia.com ([131.228.20.173] helo=mgw-ext14.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HOYWW-00005r-63 for tls@ietf.org; Tue, 06 Mar 2007 07:12:09 -0500
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext14.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l26CC3nB009229 for <tls@ietf.org>; Tue, 6 Mar 2007 14:12:05 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Mar 2007 14:11:55 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Mar 2007 14:11:55 +0200
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)
Date: Tue, 06 Mar 2007 14:11:48 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2403DB550F@esebe105.NOE.Nokia.com>
In-Reply-To: <20070305054158.3A09C1CC24@delta.rtfm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)
Thread-Index: Acde6aPXa9gfhM4rSYiB8Xy/ZQde+QA/bFUQ
References: <20070305054158.3A09C1CC24@delta.rtfm.com>
From: Pasi.Eronen@nokia.com
To: tls@ietf.org
X-OriginalArrivalTime: 06 Mar 2007 12:11:55.0663 (UTC) FILETIME=[A1E661F0:01C75FE8]
X-eXpurgate-Category: 1/0
X-eXpurgate-ID: 149371::070306141205-232F0BB0-3EAB7CD5/0-0/0-0
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> Cleaned up backward compatibility text [issue 25]
This text (in E.2) still needs some cleaning. Currently
it says:
challenge_length
The length in bytes of the client's challenge to the server to
authenticate itself. Historically, permissible values are between
16 and 32 bytes inclusive. When using the SSLv2 backward
compatible handshake the client MUST use a 32-byte challenge.
[...]
challenge
Corresponds to ClientHello.random. If the challenge length is
less than 32, the TLS server will pad the data with leading
(note: not trailing) zero bytes to make it 32 bytes long.
Which is not exactly consistent: if the challenge length MUST be 32
bytes, it can't be less than 32 bytes.
It was also noted that for historical and/or compatibility reasons,
many existing browsers (e.g. Opera, IE6, FireFox 1.5) use 16-byte
challenges:
http://www1.ietf.org/mail-archive/web/tls/current/msg00985.html
My proposal (in the mail linked above) was to to change this to "The
length of the challenge field in bytes; MUST be between 16 and 32
(inclusive)."
Comments? (At the very least, the text needs to be internally
consistent. Preferably it should also promote real-world
interoperability and reflect what implementations are expected to do.)
Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Mike
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… EKR
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft Eric Rescorla
- Re: [TLS] TLS 1.2 draft Dr Stephen Henson
- Re: [TLS] Re: TLS 1.2 draft Dr Stephen Henson
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- Re: [TLS] Re: TLS 1.2 draft Steven M. Bellovin
- RE: [TLS] TLS 1.2 draft Pasi.Eronen
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Martin Rex
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- [TLS] Re: TLS 1.2 draft EKR