[TLS] draft-thomson-tls-snip-01

Martin Thomson <mt@lowentropy.net> Mon, 04 January 2021 06:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/h8YImeQdnmZUzObc0Vnbbg2dWMI>

Hi all,

I've refreshed this draft:

https://datatracker.ietf.org/doc/draft-thomson-tls-snip/

Synopsis: This describes a method for protecting against downgrade attacks when protocols are in some way incompatible such that ALPN cannot provide that protection.

This revision is an attempt to more fully and clearly describe how this works.  I'm still not entirely happy with how this explains itself, but it should be marginally clearer now.

Cheers,
Martin