RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)

<Pasi.Eronen@nokia.com> Tue, 06 March 2007 12:12 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOYWZ-0001bB-DT; Tue, 06 Mar 2007 07:12:11 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOYWY-0001b4-0a for tls@ietf.org; Tue, 06 Mar 2007 07:12:10 -0500
Received: from smtp.nokia.com ([131.228.20.173] helo=mgw-ext14.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HOYWW-00005r-63 for tls@ietf.org; Tue, 06 Mar 2007 07:12:09 -0500
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext14.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l26CC3nB009229 for <tls@ietf.org>; Tue, 6 Mar 2007 14:12:05 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Mar 2007 14:11:55 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Mar 2007 14:11:55 +0200
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)
Date: Tue, 6 Mar 2007 14:11:48 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2403DB550F@esebe105.NOE.Nokia.com>
In-Reply-To: <20070305054158.3A09C1CC24@delta.rtfm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] TLS 1.2 draft (issue #25 about SSLv2 Hello)
Thread-Index: Acde6aPXa9gfhM4rSYiB8Xy/ZQde+QA/bFUQ
References: <20070305054158.3A09C1CC24@delta.rtfm.com>
From: <Pasi.Eronen@nokia.com>
To: <tls@ietf.org>
X-OriginalArrivalTime: 06 Mar 2007 12:11:55.0663 (UTC) FILETIME=[A1E661F0:01C75FE8]
X-eXpurgate-Category: 1/0
X-eXpurgate-ID: 149371::070306141205-232F0BB0-3EAB7CD5/0-0/0-0
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

> Cleaned up backward compatibility text [issue 25]

This text (in E.2) still needs some cleaning. Currently
it says:

   challenge_length
       The length in bytes of the client's challenge to the server to
       authenticate itself. Historically, permissible values are between
       16 and 32 bytes inclusive. When using the SSLv2 backward
       compatible handshake the client MUST use a 32-byte challenge.
[...]
   challenge
       Corresponds to ClientHello.random. If the challenge length is
       less than 32, the TLS server will pad the data with leading
       (note: not trailing) zero bytes to make it 32 bytes long.

Which is not exactly consistent: if the challenge length MUST be 32
bytes, it can't be less than 32 bytes.

It was also noted that for historical and/or compatibility reasons,
many existing browsers (e.g. Opera, IE6, FireFox 1.5) use 16-byte
challenges:

http://www1.ietf.org/mail-archive/web/tls/current/msg00985.html

My proposal (in the mail linked above) was to to change this to "The
length of the challenge field in bytes; MUST be between 16 and 32
(inclusive)."

Comments? (At the very least, the text needs to be internally
consistent. Preferably it should also promote real-world
interoperability and reflect what implementations are expected to do.)

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls