Re: [TLS] PR for anti-downgrade mechanism

Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> Fri, 09 October 2015 13:09 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/gGOX0doDugYG-gE0NhOOy3mCo58>

> For reference, the version field in the TLS premaster secret is not checked by many servers, IIRC some of them have large market shares.

That’s good to know. It would be tempting to recommend that TLS 1.3 servers disable RSA (encryption) ciphersuites for all protocol versions, but I guess this is not likely to happen for backwards compatibility reasons?

> 
> -- 
> Sincerely,
> Yngve N. Pettersen