Re: [TLS] Confirming consensus: TLS1.3->TLS*

Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 19 November 2016 06:27 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AB3812978B for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 22:27:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.397
X-Spam-Level:
X-Spam-Status: No, score=-3.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KvjS4xX3h5wR for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 22:27:32 -0800 (PST)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 91FE812957E for <tls@ietf.org>; Fri, 18 Nov 2016 22:27:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id ADBBE170A0; Sat, 19 Nov 2016 08:27:30 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id cv-fxCXmXXz7; Sat, 19 Nov 2016 08:27:30 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 630D02310; Sat, 19 Nov 2016 08:27:30 +0200 (EET)
Date: Sat, 19 Nov 2016 08:27:25 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Message-ID: <20161119062725.GA30600@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com> <20161118121909.GA28464@LK-Perkele-V2.elisa-laajakaista.fi> <1479474222033.25911@cs.auckland.ac.nz> <20161118154043.GA28666@LK-Perkele-V2.elisa-laajakaista.fi> <1479523253827.80996@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <1479523253827.80996@cs.auckland.ac.nz>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dtXOZAtDQV8svuHwcv7-Itgo-TA>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2016 06:27:34 -0000

On Sat, Nov 19, 2016 at 02:41:04AM +0000, Peter Gutmann wrote:
> Replying to several messages at once to save space:
> 
> Ilari Liusvaara:
> 
> >One can downnegotiate TLS 1.3 to TLS 1.2.
> 
> Ah, you're obviously a fan of Steve Wozniak humour.  When someone asked him
> whether it was possible to upgrade from an Apple II+ to an Apple IIe, he
> similarly said "yes, you unplug the power cable from the II+, throw it away,
> and plug the IIe into the newly-vacated power cable".

Nope, I was referring to the very technical property that if client sends
a TLS 1.3 handshake, a TLS 1.2 server can still successfully interop,
provoded that the client does TLS 1.2 too (which I think every TLS client
known to support TLS 1.3 except Picotls does).

The last major version bump, SSLv2->SSLv3, this was NOT true. SSLv2
server would barf upon receiving SSLv3 client hello (TLS 1.0 was
clearly "SSL v3.1" internally).

And folks could think that kind of downnegotiation wasn't the case
given major version bump. Such would cause confusion much much worse
than confusing the ordering of TLS and SSL versions.


-Ilari