IETF Logo Mail Archive

Re: [TLS] Prohibiting SSL 3.0

Watson Ladd <watsonbladd@gmail.com> Fri, 31 October 2014 14:39 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32B5F1A9039 for <tls@ietfa.amsl.com>; Fri, 31 Oct 2014 07:39:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G77WP7St_cCZ for <tls@ietfa.amsl.com>; Fri, 31 Oct 2014 07:39:12 -0700 (PDT)
Received: from mail-yh0-x22f.google.com (mail-yh0-x22f.google.com [IPv6:2607:f8b0:4002:c01::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC60F1A8AA9 for <tls@ietf.org>; Fri, 31 Oct 2014 07:39:11 -0700 (PDT)
Received: by mail-yh0-f47.google.com with SMTP id i57so2745040yha.20 for <tls@ietf.org>; Fri, 31 Oct 2014 07:39:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=LYPQKPofLkRhhacaSU7t6YnEZ3IOwbulAn7LNuco8qY=; b=hFYtPnR+osfGiT3YzdLq0J+2hymXSKxpNxZnZRO/TlMs/bIv+phhBnHjnpen/J3Rnx zbmogbZYGtZY5bwxDCXOL0PNur9itLSvceq51vdZvNQxO0FppnFjOVvgmxgbl+bSyewH wGzxesiD56zepLmN/J5KbRQd0cjmqBh2zyP1hiHHX17H4cq4Sj1MwvL7GQ3ZILXS2N62 HFGh5GqKnRA3rM9sZYUeXMn+N7Xf2azpZNZ5vNsAVLXN0PxA5Z1kwkTQhfQ1tpKRnhzt 5WsgL1b+Y6hO8NA6yU/H9mglFLhJiPSB/nES/eQB3ikWYFltlPhuKj7ZLSWCP6p5sdYo tWWA==
MIME-Version: 1.0
X-Received: by 10.236.30.197 with SMTP id k45mr9495161yha.163.1414766351245; Fri, 31 Oct 2014 07:39:11 -0700 (PDT)
Received: by 10.170.195.149 with HTTP; Fri, 31 Oct 2014 07:39:11 -0700 (PDT)
In-Reply-To: <CADMpkcLsxQibzuY4hZcswzEGv8qzrM7jT4_91KhSqgu3QD=yiQ@mail.gmail.com>
References: <BLU177-W4981235CC3AA2325B8CC01C39F0@phx.gbl> <20141031010310.2F9631AF6E@ld9781.wdf.sap.corp> <CACsn0cn0CFxt-tnnkTr8OF41uLxx8SGTNM8yK90SUiJDPgcN_Q@mail.gmail.com> <CADMpkc+sBA8X4XodX2S_S4jTkpixzJfQ82UKUQyF-_fHG5Vqrg@mail.gmail.com> <CACsn0c=3RFSRAbw5tvgK+WwPwXFc6n59nr+yWdfxWJbc9m0CVQ@mail.gmail.com> <CADMpkcLsxQibzuY4hZcswzEGv8qzrM7jT4_91KhSqgu3QD=yiQ@mail.gmail.com>
Date: Fri, 31 Oct 2014 07:39:11 -0700
Message-ID: <CACsn0c=7V8WTYAxsgFJ1zeXquAyAsMezV0+eXNOXdWgsMs+Xtg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Bodo Moeller <bmoeller@acm.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/QRnoYX7k0m9edkkFEIWBnz1ukNw
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Prohibiting SSL 3.0
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Oct 2014 14:39:14 -0000

On Fri, Oct 31, 2014 at 7:24 AM, Bodo Moeller <bmoeller@acm.org> wrote:
> Watson Ladd <watsonbladd@gmail.com>:
>
>> You're understating the degree of knowledge at the time,
>
>
> I don't think so. My intent was to highlight the difference between "known
> at the time" and "widely known among experts at the time". As I pointed out,
> you didn't have to be a biology major at the time to miss the ("known")
> problems.

Are you suggesting that Rogaway was the only person who knew that
Encrypt then MAC was correct? I'd have to do a fairly extensive
archive crawl, but I highly doubt this: mathematicians are good at
communicating. In fact, I think most if not all of the researchers in
the field would have known this. But it's very hard to go back and
check.

>
>> The question is not why SSL v3 got it wrong. The question is why we
>> didn't get it right a few years later
>
>
> These both are (different) questions. I had commented on your comments on
> the former.
>
> Bodo
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email