Re: [TLS] Prohibiting SSL 3.0
Bodo Moeller <bmoeller@acm.org> Fri, 31 October 2014 13:15 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/k3BvZ1NTVohZDXj-jkoSRzgdC0w

Watson Ladd <watsonbladd@gmail.com>:

> No, the root of all evil is hiring a biology student for a summer to
> make a security protocol. It's a miracle SSLv3 works at all, showing
> that the Lord protects drunks, fools, and interns.

I don't think that's fair to Paul Kocher; see also https://www.usenix.org/legacy/publications/library/proceedings/ec96/full_papers/wagner/wagner.pdf for a protocol analysis done by people that I think don't have a biology background. (Was Paul an intern or a paid consultant at that time? I thought the latter [cf. http://www.informatik.uni-trier.de/~ley/pers/hd/k/Kocher:Paul_C=]. He'd been a consultant to RSA Data Security before, although the only thing I seem to remember about his work at that time was that he found not much wrong with RC4.)

It seems pretty safe to say that Phil Rogaway would have been able to spot additional problems and improve the SSL 3.0 protocol, but this was years before there was a systematic understanding of many of the relevant concepts. Chosen-ciphertext attacks were a thing, but "authenticated encryption" was unheard of. This was even before http://web.cs.ucdavis.edu/~rogaway/papers/sym-enc.pdf.

Bodo