Re: [TLS] I-D Action: draft-ietf-tls-downgrade-scsv-03.txt

Martin Thomson <> Tue, 16 December 2014 00:49 UTC

On 15 December 2014 at 16:42, Jeffrey Walton <> wrote:
> If browsers and other software want to downgrade in an insecure
> fashion, then they are on their own. Don't placate them in their
> efforts and weaken the system for everyone else.

That's kinda the point of the draft.  Let the server know so it has a
choice in the matter.

Browsers, as clients, have a choice about what TLS version they are
willing to tolerate.  With fallback, they signal that they are willing
to speak to servers and only opportunistically reach the highest
common version.  That's weaker than the guarantee that TLS can
provide, but it is their choice to do that.  You can note (and have noted)
that this has drawbacks and maybe jump up and down in the hopes that
this will change something.  But it's not like the choice is made in a

Personally, I'm more concerned about the use of CBC modes than I am
about version downgrades in the current environment.