Re: [TLS] Renego Indication RI patch interaction with TLS major version interop
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 17 June 2010 06:48 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 813103A69BD for <tls@core3.amsl.com>; Wed, 16 Jun 2010 23:48:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.97
X-Spam-Level:
X-Spam-Status: No, score=-0.97 tagged_above=-999 required=5 tests=[AWL=-0.230, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ugJ-bk27iZH for <tls@core3.amsl.com>; Wed, 16 Jun 2010 23:48:41 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id 3E3513A67CC for <tls@ietf.org>; Wed, 16 Jun 2010 23:48:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1276757327; x=1308293327; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20brian@briansmith.org,=20marsh@extendedsubset.com |Subject:=20Re:=20[TLS]=20Renego=20Indication=20RI=20patc h=20interaction=20with=20TLS=20major=20version=09interop |Cc:=20tls@ietf.org|In-Reply-To:=20<005101cb0caa$46166ec0 $d2434c40$@briansmith.org>|Message-Id:=20<E1OP8tc-0002iZ- 3i@wintermute02.cs.auckland.ac.nz>|Date:=20Thu,=2017=20Ju n=202010=2018:48:16=20+1200; bh=8K+xrSI+KHm0FKmMh1on8AKAxGCDNSU34CLGMkI0FK8=; b=nup95X11LRivwZVSQxg+vaok655XHLDo1nN54lUyXDx84ICipgaRiQjU Cp/O6Wy5G/LtgoArFBZrSNiucdNfIQI6w0Y2y1/XxP2JR4jhTJ5b8ny4D n8+qIhSbXKgNHGYd+VSCsIeS0gvqZaqXgRVBUOjpfT5DQxK0kWVi9H2bV Y=;
X-IronPort-AV: E=Sophos;i="4.53,430,1272801600"; d="scan'208";a="11539069"
X-Ironport-HAT: UNIVERSITY - $RELAY-THROTTLE
X-Ironport-Source: 130.216.207.92 - Outgoing - Outgoing
Received: from wintermute02.cs.auckland.ac.nz ([130.216.207.92]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 17 Jun 2010 18:48:16 +1200
Received: from pgut001 by wintermute02.cs.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@cs.auckland.ac.nz>) id 1OP8tc-0002iZ-3i; Thu, 17 Jun 2010 18:48:16 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: brian@briansmith.org, marsh@extendedsubset.com
In-Reply-To: <005101cb0caa$46166ec0$d2434c40$@briansmith.org>
Message-Id: <E1OP8tc-0002iZ-3i@wintermute02.cs.auckland.ac.nz>
Date: Thu, 17 Jun 2010 18:48:16 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] Renego Indication RI patch interaction with TLS major version interop
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2010 06:48:42 -0000
"Brian Smith" <brian@briansmith.org> writes: >NSS has an explicit check that the first byte of every version number is >0x03. I imagine other implementations have a similar check. I do that too, and it's quite deliberate, we've been using 3.x for 15-odd years and there's no sign, even with major incompatible protocol revisions, that we're going to 4.x at any point. Any change to 4.x is therefore going to either never happen or will be something so major, probably a complete break of the entire protocol, that I want to force users to upgrade to a completely new release. >His test would probably be much more successful if he used 0x03FF as the >version number. That's the other thing, if 4.x does ever appear then servers can use the SSH 2.x trick of advertising version 'next-version - 1' (in SSH it was 1.99, in TLS it'd presumably be 3.255 or at least 3.99) to indicate a backwards and forwards-compatible server. Peter.
- [TLS] Renego Indication RI patch interaction with… Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Adam Langley
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Ivan Ristic
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Martin Rex
- Re: [TLS] Version (in)tolerance Marsh Ray