Re: [TLS] AES and SSLv3 (was Re: Unfortunate current practices for HTTP
Tim Dierks <tim@dierks.org> Wed, 19 January 2011 19:30 UTC
Return-Path: <tdierks@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 48ECB3A71AD for <tls@core3.amsl.com>; Wed, 19 Jan 2011 11:30:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9c8StgL6xav3 for <tls@core3.amsl.com>; Wed, 19 Jan 2011 11:30:29 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by core3.amsl.com (Postfix) with ESMTP id 2A4DB3A71A4 for <tls@ietf.org>; Wed, 19 Jan 2011 11:30:29 -0800 (PST)
Received: by iyi42 with SMTP id 42so1221232iyi.31 for <tls@ietf.org>; Wed, 19 Jan 2011 11:33:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:from :date:x-google-sender-auth:message-id:subject:to:cc:content-type; bh=bvSmWeZMKfPhiS1+PX58JZi2JImJ7JCM/UGXi1ztQf8=; b=ScaX4GCaHFIZJ9tTPcUEpDzrNSsIn+JvCn6wVOrI7rwsZMqFq+pmhQsKHD93kmavyY psTuyy/vhu7kBXVr8X92Uv53pTVG4O1mlhk76+Dc+pYZN5cM5eyqNnZNqvcbeLgLfHBq TffUfwzFJeoQGziM6ZN7pu5CO8ANjWL0UaJ5w=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; b=CS8woIYpAZtepTOFEZAX9tI6706wwGmYRp8Npw9jkC50hVYoghP36TQN18Zb0Wk6IB ntzoFVz6ePDBfPo+J+wytT4MagfQIK6RDJUzsR2mMShKCAcewDZd03Qa1UeFuRIUXtEe jAzTPJHCw4JRT4j3Lq3RpXboen4S6I8NHfLQE=
Received: by 10.231.39.67 with SMTP id f3mr1349313ibe.42.1295465566837; Wed, 19 Jan 2011 11:32:46 -0800 (PST)
MIME-Version: 1.0
Sender: tdierks@gmail.com
Received: by 10.231.59.200 with HTTP; Wed, 19 Jan 2011 11:32:26 -0800 (PST)
In-Reply-To: <201101191907.p0JJ723Z018557@fs4113.wdf.sap.corp>
References: <AANLkTikmrBGeBESXjkdZP4D7EA6Xoa=-+XpLbz2yFkSS@mail.gmail.com> <201101191907.p0JJ723Z018557@fs4113.wdf.sap.corp>
From: Tim Dierks <tim@dierks.org>
Date: Wed, 19 Jan 2011 14:32:26 -0500
X-Google-Sender-Auth: PfTcNNSxpyVG79_6eFS8SfXgWwM
Message-ID: <AANLkTi=UNkDRGHs3n3+UP0t4iQFpVk3Y2froctzo-DOP@mail.gmail.com>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="00032557635aee1c4a049a38149c"
Cc: tls@ietf.org
Subject: Re: [TLS] AES and SSLv3 (was Re: Unfortunate current practices for HTTP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jan 2011 19:30:30 -0000
On Wed, Jan 19, 2011 at 2:07 PM, Martin Rex <mrex@sap.com> wrote: > Tim Dierks wrote: > > > > He asserted SSL3/AES was not valid, but he didn't explain his rationale. > > > > Given that there is no standards-body ownership of SSL3, the correctness > of > > AES ciphersuites is a moot point. However, Postel's robustness principle > > would tend to indicate that when a server selects such a ciphersuite, it > > would be best for a client to play along, correct or not. I can't > > immediately see any security reason why you'd be willing to negotiate > SSL3, > > but turn up your nose at an insufficiently blessed AES ciphersuite. > > I assume you're the one listed as "Tim Dirks, Consensus Development" :) > > as (co)author on the right top here: > http://tools.ietf.org/html/rfc2246 > and potentially involved in the cipher suite interim registration here: > http://tools.ietf.org/html/draft-ietf-tls-protocol-02#page-51 "Dierks", but yes, that's no coincidence. > The definition of cipher suites in the design of SSL and TLS is > mostly orthogonal to the protocol version, and the change control > was over the cipher suite registry was undoubtedly transferred > to the TLS. If cipher suites had ever been conceived to be > protocol-version-specific, they would have partitioned the > cipher suite code points. > > Quite obviously, the cipher suite registry was _NOT_ partitioned > for TLSv1.0. cipher suites were issued with no distinction whatsoever, > so they were clearly meant to apply in a protocol-version-independent > fashion, forwards and backwards. > I think I'm in a position of authority to say that we didn't seriously consider the issue and there was no intention one way or the other about whether newly-defined ciphersuites were valid in SSLv3 or not. Overlaps needed to be excluded to avoid negotiation issues, but other than that, the issue wasn't considered. That's why I say that arguments about what is "correct" or not are really moot, because there's no actual standard that specifies one way or the other. - Tim
- [TLS] Unfortunate current practices for HTTP over… Adam Langley
- Re: [TLS] Unfortunate current practices for HTTP … Martin Rex
- Re: [TLS] Unfortunate current practices for HTTP … Michael D'Errico
- Re: [TLS] Unfortunate current practices for HTTP … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Unfortunate current practices for HTTP … Yngve N. Pettersen (Developer Opera Software ASA)
- [TLS] AES and SSLv3 (was Re: Unfortunate current … Michael D'Errico
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Wan-Teh Chang
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Tim Dierks
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Tim Dierks
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Marsh Ray
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Wan-Teh Chang
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex
- Re: [TLS] AES and SSLv3 (was Re: Unfortunate curr… Martin Rex