Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviour of TLS server implementations
"Christian Huitema" <huitema@huitema.net> Sat, 24 September 2016 00:51 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5A3C12BEC3 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 17:51:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IkW-KBVJIgHt for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 17:51:41 -0700 (PDT)
Received: from xsmtp12.mail2web.com (xsmtp12.mail2web.com [168.144.250.177]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE10C12BEC2 for <tls@ietf.org>; Fri, 23 Sep 2016 17:51:41 -0700 (PDT)
Received: from [10.5.2.52] (helo=xmail12.myhosting.com) by xsmtp12.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1bnbBo-0007iK-4z for tls@ietf.org; Fri, 23 Sep 2016 20:51:40 -0400
Received: (qmail 7063 invoked from network); 24 Sep 2016 00:51:35 -0000
Received: from unknown (HELO icebox) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail12.myhosting.com (qmail-ldap-1.03) with ESMTPA for <andreas.walz@hs-offenburg.de>; 24 Sep 2016 00:51:35 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, 'Andreas Walz' <andreas.walz@hs-offenburg.de>
References: <57D2E218020000AC0011B17E@gwia2.rz.hs-offenburg.de> <20160909152901.9008C1A552@ld9781.wdf.sap.corp> <1473853106532.3256@cs.auckland.ac.nz> <57D96E34020000AC0011B73F@gwia2.rz.hs-offenburg.de> <57E25106020000AC0011BF3A@gwia2.rz.hs-offenburg.de> <CABkgnnX7X+21wjChxkW-uhd8WXAMyp5f1F74H5ja=1mui4POiQ@mail.gmail.com>, <57E272CB020000AC0011BF63@gwia2.rz.hs-offenburg.de> <1474473207998.35647@cs.auckland.ac.nz>, <57E2E068020000AC0011BFD4@gwia2.rz.hs-offenburg.de> <1474520407230.85774@cs.auckland.ac.nz>, <57E3E821020000AC0011C0DC@gwia2.rz.hs-offenburg.de> <1474619914890.15531@cs.auckland.ac.nz>
In-Reply-To: <1474619914890.15531@cs.auckland.ac.nz>
Date: Fri, 23 Sep 2016 17:51:30 -0700
Message-ID: <168501d215fd$caca2400$605e6c00$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHHcOqJfG6OnAxDtgOCdHpIKNuETANRRt3qAh/g5EACr3X/HwHOAz/TAUSUyTsBb31GMQF2d/sxAgWA7DgCFiZhdgHu2styAs9XHpGf5X+QoA==
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aE-4TdZK5qeyQ3DVhiR2PSQRDks>
Cc: tls@ietf.org
Subject: Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviour of TLS server implementations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Sep 2016 00:51:44 -0000
On Friday, September 23, 2016 1:39 AM, Peter Gutmann wrote: > Andreas Walz <andreas.walz@hs-offenburg.de> writes: > >>However, where would you draw the line between "I can't" and "I don't want >>to"? > > It's one of those judgement-call things, I don't know if you can strictly > define it but as a rule of thumb I'd say that if you encounter it during > normal processing it's an I-can't problem while if you have to add special- > case checks to identify it and refuse to continue it's an I-don't-want-to > problem. Yes of course, but there is another aspect to it, the general health of the ecosystem. Postel's rule is nice, but it removes the pressure on broken implementations to fix their code. Pushed to the extreme, the result is a sort of protocol drift, in which buggy variants get first tolerated, and then accepted as de-facto standards. This tends to hinder future evolutions, not to mention adding complexity. We often hear that "the IETF has no protocol police," but in fact it does. Each implementation that takes a strict view of standard compliance contributes to this policing. -- Christian Huitema
- [TLS] Suspicious behaviour of TLS server implemen… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Martin Rex
- Re: [TLS] Suspicious behaviour of TLS server impl… Martin Thomson
- [TLS] Antw: Re: Suspicious behaviour of TLS serve… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Hubert Kario
- Re: [TLS] Suspicious behaviour of TLS server impl… Peter Gutmann
- Re: [TLS] Suspicious behaviour of TLS server impl… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Hubert Kario
- Re: [TLS] Suspicious behaviour of TLS server impl… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Martin Thomson
- Re: [TLS] Suspicious behaviour of TLS server impl… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Hubert Kario
- Re: [TLS] Suspicious behaviour of TLS server impl… Peter Gutmann
- Re: [TLS] Suspicious behaviour of TLS server impl… Ilari Liusvaara
- [TLS] Antw: Re: Suspicious behaviour of TLS serve… Andreas Walz
- Re: [TLS] Suspicious behaviour of TLS server impl… Martin Thomson
- Re: [TLS] Antw: Re: Suspicious behaviour of TLS s… Peter Gutmann
- Re: [TLS] Suspicious behaviour of TLS server impl… Peter Gutmann
- Re: [TLS] Suspicious behaviour of TLS server impl… Yoav Nir
- Re: [TLS] Suspicious behaviour of TLS server impl… Ilari Liusvaara
- Re: [TLS] Suspicious behaviour of TLS server impl… Hubert Kario
- [TLS] Antw: Re: Antw: Re: Suspicious behaviour of… Andreas Walz
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Viktor Dukhovni
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Martin Thomson
- Re: [TLS] Suspicious behaviour of TLS server impl… Peter Gutmann
- Re: [TLS] Suspicious behaviour of TLS server impl… Peter Gutmann
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Peter Gutmann
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Hubert Kario
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Christian Huitema
- Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviou… Andrei Popov