Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Xiaoyin Liu <xiaoyin.l@outlook.com> Fri, 03 June 2016 11:39 UTC

Return-Path: <xiaoyin.l@outlook.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B19112D117 for <tls@ietfa.amsl.com>; Fri, 3 Jun 2016 04:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.617
X-Spam-Level:
X-Spam-Status: No, score=-2.617 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77vT--v3k47G for <tls@ietfa.amsl.com>; Fri, 3 Jun 2016 04:39:07 -0700 (PDT)
Received: from BAY004-OMC3S23.hotmail.com (bay004-omc3s23.hotmail.com [65.54.190.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B21C012D118 for <tls@ietf.org>; Fri, 3 Jun 2016 04:39:07 -0700 (PDT)
Received: from BAY180-W68 ([65.54.190.188]) by BAY004-OMC3S23.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Fri, 3 Jun 2016 04:39:07 -0700
X-TMN: [P6aUwcGu7jKa8pWqQbRNYnOF/ajouuK/]
X-Originating-Email: [xiaoyin.l@outlook.com]
Message-ID: <BAY180-W68FF19FBD2693E92433679FF590@phx.gbl>
Content-Type: multipart/alternative; boundary="_1720e5eb-c277-4f85-bd49-62b3fcd9a573_"
From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 3 Jun 2016 07:39:06 -0400
Importance: Normal
In-Reply-To: <20160603083354.GA5321@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com>, <CAF8qwaASpH3Fapo61TDBuF35++GyMbZa4c-9Uy-JZ8CKywpAFw@mail.gmail.com>, <CABkgnnXs5UBPZRzPoyiVs1R7arBcPV7WuEY692SHkj=doW6bwQ@mail.gmail.com>, <201606030017.20760.davemgarrett@gmail.com>, <1464935854.2843.10.camel@redhat.com>, <20160603083354.GA5321@LK-Perkele-V2.elisa-laajakaista.fi>
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Jun 2016 11:39:07.0414 (UTC) FILETIME=[89B92B60:01D1BD8C]
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/_RVOcm39R0iGveB9OGjEWuyEoYU>
Subject: Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2016 11:39:12 -0000

> Date: Fri, 3 Jun 2016 11:33:54 +0300
> From: ilariliusvaara@welho.com
> To: tls@ietf.org
> Subject: Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]
> 
> On Fri, Jun 03, 2016 at 08:37:34AM +0200, Nikos Mavrogiannopoulos wrote:
> 
> > A simpler proposal is:
> > Consider TLS 1.3 as a feature, and negotiate it using an empty
> > extension. If the extension is present a server assumes TLS 1.3.
> 
> Well, AFAIK, in current editor's draft, key_share or pre_shared_key
> is always present and none are meaningful in TLS.1.2.
But they cannot be used to distinguish TLS 1.3 with any future versions, if these two extensions still exist in TLS 1.4, 1.5, ... .
Best,Xiaoyin