Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Michael D'Errico <mike-list@pobox.com> Mon, 27 January 2014 17:22 UTC

Message-ID: <52E695D1.5050504@pobox.com>
Date: Mon, 27 Jan 2014 09:22:25 -0800
From: Michael D'Errico <mike-list@pobox.com>
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
In-Reply-To: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>

-1

We should consider whether we can define a single SCSV that a
client issues when it thinks a server is extension-intolerant.

Such an SCSV could be used in conjunction with a normal extension
used for downgrade protection, if the client gets pushed all the
way back to TLSv1.0 without extensions, or to SSLv3.

This approach could solve the problem of desiring more SCSVs in
the future.

Mike



Eric Rescorla wrote:
> WG Members,
> 
> This message is a call for acceptance of
> http://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
> 
> As a TLS WG item.
> 
> Please provide any comments on this action by Feb 7. Because
> there has been only modest discussion of this document, the
> chairs ask people who have already spoken in favor or against
> this document to re-register their opinion (feel free to just say
> +1 or -1 and point back to the archives.)
> 
> -Ekr
> [For the chairs]
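The design sketched in the reply above (a downgrade-protection extension for the normal case, plus a single Signaling Cipher Suite Value for the retries where the client has stripped extensions or dropped to SSLv3) can be exercised end to end in a small simulation. The following is an added example written for this page; it is not code from the draft, from the working group, or from either author. It goes beyond the two sentences in the post by modelling the client's whole fallback ladder, an honest server applying the "refuse a fallback I could have done better than" rule, and an active attacker that kills every attempt above TLS 1.0 and every attempt carrying extensions. The code point 0x5600 for the fallback SCSV is taken from the draft but treated as an assumption here; the extension type 0xFF01, the empty extension body, the retry schedule and the three filler cipher suites are constructed for the illustration and are not specified anywhere.

```python
"""
Simulation of TLS fallback signalling: an SCSV in the cipher suite list (fits in
any ClientHello, even an extension-free SSLv3-style one) alongside a
downgrade-protection extension (only usable while the client still sends
extensions).  Added example, not code from draft-bmoeller-tls-downgrade-scsv.
"""
import struct

SSL3_0, TLS1_0, TLS1_1, TLS1_2 = (3, 0), (3, 1), (3, 2), (3, 3)

FALLBACK_SCSV = 0x5600   # assumed code point for the single fallback SCSV
EXT_DOWNGRADE = 0xFF01   # hypothetical extension type, made up for this example
EXT_SNI = 0x0000         # stands in for the "normal" extensions a client sends
SUITES = [0x002F, 0x0035, 0x009C]  # filler suites so the list looks realistic

# Client retry ladder: (offered version, send extensions?).  The last two rungs
# are the "maybe the server is extension-intolerant" guess the post refers to.
FALLBACK_SCHEDULE = [(TLS1_2, True), (TLS1_1, True), (TLS1_0, True),
                     (TLS1_0, False), (SSL3_0, False)]


def encode_suites(suites):
    """cipher_suites vector on the wire: 2-byte length, then 2-byte suite codes."""
    body = b"".join(struct.pack("!H", s) for s in suites)
    return struct.pack("!H", len(body)) + body


def decode_suites(data):
    """Inverse of encode_suites, with the length check a server must perform."""
    (n,) = struct.unpack("!H", data[:2])
    if n % 2 or len(data) < 2 + n:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]


def client_hello(version, fallback, with_extensions, use_scsv, use_extension):
    """Model of the ClientHello fields that matter for downgrade signalling."""
    suites = list(SUITES)
    if fallback and use_scsv:
        suites.append(FALLBACK_SCSV)       # survives even when extensions are dropped
    hello = {"version": version, "cipher_suites": encode_suites(suites), "extensions": {}}
    if with_extensions:
        hello["extensions"][EXT_SNI] = b""
        if fallback and use_extension:
            hello["extensions"][EXT_DOWNGRADE] = b""   # "this is a retry" marker
    return hello


def server_response(hello, server_max, extension_intolerant=False):
    """Returns (status, negotiated_version).  An honest server refuses a hello that
    admits to being a fallback when it would have accepted a higher version."""
    if extension_intolerant and hello["extensions"]:
        return "fail", None                # an old server that chokes on extensions
    suites = decode_suites(hello["cipher_suites"])
    retried = FALLBACK_SCSV in suites or EXT_DOWNGRADE in hello["extensions"]
    if retried and server_max > hello["version"]:
        return "inappropriate_fallback", None
    return "ok", min(hello["version"], server_max)


def run_client(server_max, attacker, use_scsv, use_extension, extension_intolerant=False):
    """Walk the fallback ladder.  Returns the negotiated version, or None when no
    connection was established (under attack, None is the desired outcome)."""
    for attempt, (version, with_ext) in enumerate(FALLBACK_SCHEDULE):
        hello = client_hello(version, attempt > 0, with_ext, use_scsv, use_extension)
        if attacker(hello):
            continue                       # dropped on the wire: try the next rung
        status, negotiated = server_response(hello, server_max, extension_intolerant)
        if status == "ok":
            return negotiated
        if status == "inappropriate_fallback":
            return None                    # server refused the retry: do not go lower
    return None


def no_attacker(hello):
    return False


def downgrade_attacker(hello):
    """Kills every attempt above TLS 1.0 and every attempt that carries extensions,
    which is precisely the behaviour that defeats an extension-only defence."""
    return hello["version"] > TLS1_0 or bool(hello["extensions"])


if __name__ == "__main__":
    print(run_client(TLS1_2, no_attacker, True, True))                # normal: (3, 3)
    print(run_client(TLS1_2, downgrade_attacker, False, True))        # extension only: downgraded to (3, 1)
    print(run_client(TLS1_2, downgrade_attacker, True, True))         # with SCSV: None, attack refused
    print(run_client(TLS1_0, no_attacker, True, True, extension_intolerant=True))  # genuine old server: (3, 1)
```

The second and third runs are the point of the post: against an attacker that drops every extension-bearing hello, the extension alone is never seen by the server and the client ends up on TLS 1.0, whereas the SCSV rides along in the extension-free retry and lets the server refuse it. The fourth run shows why the SCSV must only trigger when the server actually supports something higher: a genuine extension-intolerant TLS 1.0 server still gets its connection.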