Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis (Martin Rex) Thu, 27 November 2014 23:41 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 783631A026F for <>; Thu, 27 Nov 2014 15:41:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.551
X-Spam-Status: No, score=-6.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v17RZLWbq7Hy for <>; Thu, 27 Nov 2014 15:41:11 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CD63D1A0264 for <>; Thu, 27 Nov 2014 15:41:10 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CDBC43A0EB; Fri, 28 Nov 2014 00:41:08 +0100 (CET)
Received: from ( []) by (Postfix) with ESMTP id C1DC142A80; Fri, 28 Nov 2014 00:41:08 +0100 (CET)
Received: by (Postfix, from userid 10159) id B8FA91B01C; Fri, 28 Nov 2014 00:41:08 +0100 (CET)
In-Reply-To: <>
To: Stephen Checkoway <>
Date: Fri, 28 Nov 2014 00:41:08 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <>
Cc: " (" <>
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Nov 2014 23:41:12 -0000

Stephen Checkoway wrote:
> Martin Rex <> wrote:
>> So any *new* document should advise implementors to remove any such
>> erroneous and counterproductive "same algorithm checks" that might
>> accidentally got implemented by an unexperienced implementor who didn't
>> realize that this must be a defect in the spec and is backwards-incompatible
>> to SSLv3.
> It makes sense that a new document shouldn't mandate unnecessarily
> restrictive behavior.

Such a restriction would be in direct conflict with rfc2109 section 6.

The original wording can be seen as a may "unless otherwise specified",
because it comes entirely without rationale, without any indication why
this would be a problem and with no security consideration whatsoever.

> SSLv3 compatibility isn't high on my list of concerns though.
> I know you disagree, but we should stop using SSLv3 for all
> of the reasons specified in draft-thomson-sslv3-diediedie.

This is only relevant when looking at that statement from a viewpoint
of formal correctness of an implementor, who might have been reading
at rfc2246 in Summer 1999, when pretty much the entire installed
base was SSLv3-capable.

This wording, if it was meant to be real, would have required
a TLSv1.0 server implementation to negotiate SSLv3 (and not be allowed
to use TLSv1.0) if the server cert did not fulfil that requirement.

Such a "requirement", especially when it comes entirely without rationale,
is clearly bogus and void.