Re: [TLS] SCSV vs RI when both specified. Was: Updated draft

Ben Laurie <benl@google.com> Mon, 28 December 2009 13:37 UTC


On Tue, Dec 22, 2009 at 8:21 AM, Yoav Nir <ynir@checkpoint.com> wrote:

>
> On Dec 21, 2009, at 6:28 PM, Marsh Ray wrote:
>
> > Blumenthal, Uri - 0662 - MITLL wrote:
> >
> >> If the
> >> protocol spec demands aborting connection, it better have a damn good
> >> reason to do so - and more substantive than "some Steve decided it
> >> doesn't really matter to him if the peers connect or not".
> >
> > How about "remote endpoint doesn't pass the bozo test"?
>
> We do not discriminate against bozos.
>
> Seriously, servers are there to communicate. Amazon or Google are not going
> to turn away customers because their browsers are a little off. That's why
> they agree to work in SSLv2.
>

Oh yes we are :-)

$ openssl s_client -ssl2 -connect www.google.com:443
CONNECTED(00000003)
write:errno=54

