Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 8B9F6129556
 for <tls@ietfa.amsl.com>; Wed, 16 Nov 2016 23:15:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id jAgPBwJAYS7d for <tls@ietfa.amsl.com>;
 Wed, 16 Nov 2016 23:15:20 -0800 (PST)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com
 [IPv6:2607:f8b0:4002:c05::22a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 6950D1294AE
 for <tls@ietf.org>; Wed, 16 Nov 2016 23:15:20 -0800 (PST)
Received: by mail-yw0-x22a.google.com with SMTP id t125so147593791ywc.1
 for <tls@ietf.org>; Wed, 16 Nov 2016 23:15:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=rtfm-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=Ys/bRxQQAHjsYcQ1GVvDgSvxj5MRxdS6PdDowbRghFM=;
 b=EFjHfHx5GK/bqdreO5GVwvL0SnEjPXRQA6uC02hPzLKgXtwLw4nJmNhrXLoJkJPQ9u
 nfKRB/PmdpxX0x7tuPJ0NoD8s0yE38BrepKfMxITCvgXrNJcu79NC612hA/M+AFqup+k
 7yOk3shlRjvgidGfowSopIXYtFfigJS4rNUQ7MNxRKf6fHKAGe38on24G8luWv66Lzmq
 oayebV7fV5rGzCgDqgonaKpLwoDeZrTUoucBvwWdQfKt7bGegPFeLLSpY5Dv2Y7S/IX5
 sRve03h/2elVDWAbpZd4kjouyY+NGmIj589bsQwnv4eL62Op1y+kYMc1azDpS5ASgmmI
 5XaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=Ys/bRxQQAHjsYcQ1GVvDgSvxj5MRxdS6PdDowbRghFM=;
 b=daeOxo5NwEhjBntGtkfKGIKaJXcx6EKF/4nnI+fDDffxSYxpwZXlENS6TG9kNHzsyD
 Ud2mpFABVCJWuym6MndiEUlwZF++A9WkYpP3cdrPuOrlCljqK+ktW+YaJvaN3Zxg1DAm
 S30+aJorD9VCWBsrzpIU1/YrkIaAxJMLMotaSeAvxJskfwQgaV/0BLE3n4WhLSddeJdN
 cFLq03NZMMVNpd8R5bTX5azwx6eyIm7UrOIdleEm2MjtDTt9eLdGlJ3LkO/2Azt2lkqU
 g8hwY/MA7/0iy76P0L4MFHXZlGRlne7FXjfl/BZO66XlNRCeWt/y8ZLSIQNzeSMgJE6X
 5Ubw==
X-Gm-Message-State: ABUngvf1UNM0vUD63bnqNsJvazLXs9E9uOTIv+MepNWj8KMVI3zrn7Zqat8ndTpxAzCMBMXV4+wwYhN79RxzUA==
X-Received: by 10.129.125.215 with SMTP id y206mr1410115ywc.234.1479366919761; 
 Wed, 16 Nov 2016 23:15:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.159.141 with HTTP; Wed, 16 Nov 2016 23:14:39 -0800 (PST)
In-Reply-To: <8C67E8BB-B230-4C84-A890-C57614FF8A46@esat.kuleuven.be>
References: <2d2ba626-0b5d-590f-efb7-e4ad30b5608b@esat.kuleuven.be>
 <201611081626.03635.davemgarrett@gmail.com>
 <8C67E8BB-B230-4C84-A890-C57614FF8A46@esat.kuleuven.be>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 17 Nov 2016 16:14:39 +0900
Message-ID: <CABcZeBNHCxyUfvT2G1LMuQqYQGZttpGoz+DNEJj7Do4ie0=9Xg@mail.gmail.com>
To: Roel Peeters <roel.peeters@esat.kuleuven.be>
Content-Type: multipart/alternative; boundary=001a11492dfabee41b054179f360
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fuOwoiYx22mBu9JmUioK3y15gqE>
Cc: Jens Hermans <Jens.Hermans@esat.kuleuven.be>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] COSIC's look on TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 07:15:23 -0000

--001a11492dfabee41b054179f360
Content-Type: text/plain; charset=UTF-8

This paragraph refers to the anti-downgrade mechanism described in 4.1.3.

-Ekr


On Wed, Nov 9, 2016 at 6:56 AM, Roel Peeters <roel.peeters@esat.kuleuven.be>
wrote:

> Hi Dave,
>
> We are wondering because of this piece of text from the RFC EDITOR just
> above paragraph 4.1.4 on Hello Retry Request:
>
> RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH Implementations of draft
> versions (see Section 4.2.1.1) of this specification SHOULD NOT implement
> this mechanism on either client and server. A pre-RFC client connecting to
> RFC servers, or vice versa, will appear to downgrade to TLS 1.2. With the
> mechanism enabled, this will cause an interoperability failure.
> Best,
> Roel
>
> On 8 Nov 2016, at 22:26, Dave Garrett <davemgarrett@gmail.com> wrote:
>
> On Tuesday, November 08, 2016 09:55:36 am Roel Peeters wrote:
>
> we are also wondering whether or not the Hello Retry Request will be
> included or omitted in the standard. Leaving it out will make TLS 1.3
> vulnerable again to downgrade attacks ...
>
>
> Why are you wondering about this? HRR is in the specification and there
> has been no discussion to remove it.
>
>
> Dave
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>

--001a11492dfabee41b054179f360
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">This paragraph refers to the anti-downgrade mechanism desc=
ribed in 4.1.3.<div><br></div><div>-Ekr</div><div><br></div><div class=3D"g=
mail_extra"><br><div class=3D"gmail_quote">On Wed, Nov 9, 2016 at 6:56 AM, =
Roel Peeters <span dir=3D"ltr">&lt;<a href=3D"mailto:roel.peeters@esat.kule=
uven.be" target=3D"_blank">roel.peeters@esat.kuleuven.be</a><wbr>&gt;</span=
> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-wo=
rd"><p id=3D"m_-2041757525079643111m_1426703244980873732rfc.section.4.1.3.p=
.8">Hi Dave,</p><p id=3D"m_-2041757525079643111m_1426703244980873732rfc.sec=
tion.4.1.3.p.8">We are wondering because of this piece of text from the RFC=
 EDITOR just above paragraph 4.1.4 on Hello Retry Request:</p><p id=3D"m_-2=
041757525079643111m_1426703244980873732rfc.section.4.1.3.p.8">RFC EDITOR: P=
LEASE REMOVE THE FOLLOWING PARAGRAPH Implementations of draft versions (see=
 Section 4.2.1.1)
 of this specification SHOULD NOT implement this mechanism on either=20
client and server.  A pre-RFC client connecting to RFC servers, or vice=20
versa, will appear to downgrade to TLS 1.2. With the mechanism enabled,=20
this will cause an interoperability failure.</p><div>Best,</div><div>Roel</=
div><span><div><br></div><div><blockquote type=3D"cite"><div>On 8 Nov 2016,=
 at 22:26, Dave Garrett &lt;<a href=3D"mailto:davemgarrett@gmail.com" targe=
t=3D"_blank">davemgarrett@gmail.com</a>&gt; wrote:</div><br class=3D"m_-204=
1757525079643111m_1426703244980873732Apple-interchange-newline"><div><div>O=
n Tuesday, November 08, 2016 09:55:36 am Roel Peeters wrote:<br><blockquote=
 type=3D"cite">we are also wondering whether or not the Hello Retry Request=
 will be<br>included or omitted in the standard. Leaving it out will make T=
LS 1.3<br>vulnerable again to downgrade attacks ...<br></blockquote><br>Why=
 are you wondering about this? HRR is in the specification and there has be=
en no discussion to remove it.<br><br><br>Dave<br></div></div></blockquote>=
</div><br></span></div><br>______________________________<wbr>_____________=
____<br>
TLS mailing list<br>
<a href=3D"mailto:TLS@ietf.org" target=3D"_blank">TLS@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/tls" rel=3D"noreferrer" ta=
rget=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/tls</a><br>
<br></blockquote></div><br></div></div>

--001a11492dfabee41b054179f360--