Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]
Xiaoyin Liu <xiaoyin.l@outlook.com> Fri, 03 June 2016 11:39 UTC
Return-Path: <xiaoyin.l@outlook.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B19112D117 for <tls@ietfa.amsl.com>; Fri, 3 Jun 2016 04:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.617
X-Spam-Level:
X-Spam-Status: No, score=-2.617 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77vT--v3k47G for <tls@ietfa.amsl.com>; Fri, 3 Jun 2016 04:39:07 -0700 (PDT)
Received: from BAY004-OMC3S23.hotmail.com (bay004-omc3s23.hotmail.com [65.54.190.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B21C012D118 for <tls@ietf.org>; Fri, 3 Jun 2016 04:39:07 -0700 (PDT)
Received: from BAY180-W68 ([65.54.190.188]) by BAY004-OMC3S23.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Fri, 3 Jun 2016 04:39:07 -0700
X-TMN: [P6aUwcGu7jKa8pWqQbRNYnOF/ajouuK/]
X-Originating-Email: [xiaoyin.l@outlook.com]
Message-ID: <BAY180-W68FF19FBD2693E92433679FF590@phx.gbl>
Content-Type: multipart/alternative; boundary="_1720e5eb-c277-4f85-bd49-62b3fcd9a573_"
From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 03 Jun 2016 07:39:06 -0400
Importance: Normal
In-Reply-To: <20160603083354.GA5321@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com>, <CAF8qwaASpH3Fapo61TDBuF35++GyMbZa4c-9Uy-JZ8CKywpAFw@mail.gmail.com>, <CABkgnnXs5UBPZRzPoyiVs1R7arBcPV7WuEY692SHkj=doW6bwQ@mail.gmail.com>, <201606030017.20760.davemgarrett@gmail.com>, <1464935854.2843.10.camel@redhat.com>, <20160603083354.GA5321@LK-Perkele-V2.elisa-laajakaista.fi>
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Jun 2016 11:39:07.0414 (UTC) FILETIME=[89B92B60:01D1BD8C]
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/_RVOcm39R0iGveB9OGjEWuyEoYU>
Subject: Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2016 11:39:12 -0000
> Date: Fri, 3 Jun 2016 11:33:54 +0300 > From: ilariliusvaara@welho.com > To: tls@ietf.org > Subject: Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time] > > On Fri, Jun 03, 2016 at 08:37:34AM +0200, Nikos Mavrogiannopoulos wrote: > > > A simpler proposal is: > > Consider TLS 1.3 as a feature, and negotiate it using an empty > > extension. If the extension is present a server assumes TLS 1.3. > > Well, AFAIK, in current editor's draft, key_share or pre_shared_key > is always present and none are meaningful in TLS.1.2. But they cannot be used to distinguish TLS 1.3 with any future versions, if these two extensions still exist in TLS 1.4, 1.5, ... . Best,Xiaoyin
- Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… Martin Rex
- [TLS] Downgrade protection, fallbacks, and server… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… Eric Rescorla
- Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… Eric Rescorla
- Re: [TLS] Downgrade protection, fallbacks, and se… Martin Thomson
- [TLS] no fallbacks please [was: Downgrade protect… Nikos Mavrogiannopoulos
- Re: [TLS] no fallbacks please [was: Downgrade pro… Yoav Nir
- Re: [TLS] Downgrade protection, fallbacks, and se… Hubert Kario
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… Viktor Dukhovni
- Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… Hubert Kario
- Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
- Re: [TLS] Downgrade protection, fallbacks, and se… David Benjamin
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] Downgrade protection, fallbacks, and se… Viktor Dukhovni
- Re: [TLS] no fallbacks please [was: Downgrade pro… Martin Thomson
- Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
- Re: [TLS] no fallbacks please [was: Downgrade pro… Nikos Mavrogiannopoulos
- Re: [TLS] no fallbacks please [was: Downgrade pro… Ilari Liusvaara
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] no fallbacks please [was: Downgrade pro… Xiaoyin Liu
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] no fallbacks please [was: Downgrade pro… Eric Rescorla
- Re: [TLS] no fallbacks please [was: Downgrade pro… Andrei Popov
- Re: [TLS] no fallbacks please [was: Downgrade pro… Eric Rescorla
- Re: [TLS] no fallbacks please [was: Downgrade pro… Viktor Dukhovni
- Re: [TLS] no fallbacks please [was: Downgrade pro… David Benjamin
- Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
- Re: [TLS] no fallbacks please [was: Downgrade pro… Bill Frantz
- Re: [TLS] Downgrade protection, fallbacks, and se… Yaron Sheffer
- Re: [TLS] Downgrade protection, fallbacks, and se… Stefan Winter
- Re: [TLS] no fallbacks please [was: Downgrade pro… Hubert Kario
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
- Re: [TLS] no fallbacks please [was: Downgrade pro… Dave Garrett
- Re: [TLS] no fallbacks please [was: Downgrade pro… Jeffrey Walton
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Peter Gutmann
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Kyle Rose
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Salz, Rich
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yoav Nir
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … David Benjamin
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Andrei Popov
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Yuhong Bao
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Dave Garrett
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Hubert Kario
- Re: [TLS] [FORGED] Re: no fallbacks please [was: … Nikos Mavrogiannopoulos
- Re: [TLS] no fallbacks please [was: Downgrade pro… Tony Arcieri