Re: [TLS] supported_versions question

Matt Caswell <frodo@baggins.org> Tue, 01 November 2016 00:06 UTC

From: Matt Caswell <frodo@baggins.org>
Date: Tue, 1 Nov 2016 00:05:59 +0000
To: Dave Garrett <davemgarrett@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] supported_versions question
In-Reply-To: <201610311953.25606.davemgarrett@gmail.com>
Message-ID: <CAMoSCWbz8yhs5LMDfD1Hoc94s95a6JcRVmdeKnHeFWp9LdjFfA@mail.gmail.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UKC2E1hXBWUD6CbG83honBl8KVE>

On 31/10/16 23:53, Dave Garrett wrote:
>> I came up with some alternative wording that I think captures the discussion:
>>
>> https://github.com/tlswg/tls13-spec/pull/748
>
> I see no reason to require servers to validate the legacy version value. That's just excess complexity. If the extension is there, then it should take absolute precedence. If not, use the old system. Nothing will have a higher value there except old probers.

If legacy_version == 0x0302 (TLS1.1), but highest supported_version is
0x0303 (TLS1.2) - or vice versa, which client_version should be used
in an RSA key exchange calculation?

Matt
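The question above is about the RSA key exchange check in RFC 5246 section 7.4.7.1: the 48-byte premaster secret starts with the two-byte client_version from the ClientHello, and the server compares it against the version it saw the client offer. Once supported_versions exists, "the version the client offered" has two candidate readings, and client and server must agree on one or the check fails. The following is an added example, not code from this thread or from any TLS implementation; the policy names "legacy" and "extension" and the fixed 46 zero bytes of premaster randomness are assumptions made for a deterministic illustration.

```python
# Added illustration of the RSA premaster client_version check (RFC 5246 7.4.7.1)
# under the two possible readings of "client_version" once supported_versions
# is present. Not from the thread; policy names are this example's own.
import secrets
import hmac
from typing import Dict, List, Optional, Tuple

TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303


def build_premaster(client_version: int, rand: Optional[bytes] = None) -> bytes:
    """Client side: pre_master_secret = client_version (2 bytes) || 46 random bytes."""
    rand = secrets.token_bytes(46) if rand is None else rand
    if len(rand) != 46:
        raise ValueError("premaster random must be 46 bytes")
    return client_version.to_bytes(2, "big") + rand


def client_version_under(legacy_version: int,
                         supported_versions: Optional[List[int]],
                         policy: str) -> int:
    """
    Which value counts as the ClientHello's client_version?
    "legacy":    the legacy_version field, as in RFC 5246.
    "extension": the highest entry of supported_versions when the extension
                 is present (Dave's reading: the extension takes precedence).
    Without the extension both policies collapse to legacy_version.
    """
    if policy not in ("legacy", "extension"):
        raise ValueError(policy)
    if policy == "extension" and supported_versions:
        return max(supported_versions)
    return legacy_version


def server_check_premaster(premaster: bytes,
                           expected_client_version: int) -> Tuple[bool, bytes]:
    """
    Server side of the check. Returns (version_ok, premaster_to_use).
    Per RFC 5246 the server must NOT alert on a mismatch (that would be an
    oracle for Bleichenbacher-style padding attacks); it continues with a
    random premaster so the handshake fails later at Finished instead.
    """
    fallback = secrets.token_bytes(48)
    if len(premaster) != 48:
        return False, fallback
    ok = hmac.compare_digest(premaster[:2],
                             expected_client_version.to_bytes(2, "big"))
    return ok, (premaster if ok else fallback)


def check_matrix(legacy_version: int,
                 supported_versions: Optional[List[int]]) -> Dict[Tuple[str, str], bool]:
    """
    Run the check for every (client policy, server policy) pair and report
    whether the server accepts the premaster. Any False entry is a handshake
    that fails purely because the two sides read 'client_version' differently.
    """
    fixed_random = b"\x00" * 46  # deterministic for the illustration only
    results: Dict[Tuple[str, str], bool] = {}
    for client_policy in ("legacy", "extension"):
        offered = client_version_under(legacy_version, supported_versions, client_policy)
        pms = build_premaster(offered, fixed_random)
        for server_policy in ("legacy", "extension"):
            expected = client_version_under(legacy_version, supported_versions, server_policy)
            ok, _ = server_check_premaster(pms, expected)
            results[(client_policy, server_policy)] = ok
    return results


if __name__ == "__main__":
    # Matt's case: legacy_version says TLS 1.1, supported_versions tops out at TLS 1.2.
    for pair, ok in check_matrix(TLS11, [TLS12, TLS11]).items():
        print(f"client={pair[0]:9s} server={pair[1]:9s} -> {'ok' if ok else 'MISMATCH'}")
```

With legacy_version 0x0302 and supported_versions {0x0303, 0x0302}, the matrix shows the two diagonal entries passing and the two off-diagonal entries failing: the check only works if both peers pick the same reading, which is exactly why the specification has to say which one it is. When the two values agree, or when the extension is absent, every entry passes and the question does not arise.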