Re: [TLS] Protocol version for inappropriate_fallback alerts (was: Re: I-D Action: draft-ietf-tls-downgrade-scsv-01.txt)
Bodo Moeller <bmoeller@acm.org> Fri, 14 November 2014 05:38 UTC
> > The above wording is *not* meant to encourage servers to send a
> > protocol_version alert if client_version is too high (new), which I think
> > is what you got from it.

> The wording clearly suggests that it would be OK for servers for too high
> as well.

As I subsequently explained, it doesn't if you don't take it out of context. The context is that the version is low.

That wording in the TLS RFCs indeed appears to encourage version-intolerant behavior and should be fixed. However, for this I-D, I'm not worried.
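The distinction under discussion (a protocol_version alert only when client_version is too *low*, never when it is too high) together with the TLS_FALLBACK_SCSV rule from the I-D, as an added Python illustration; this is not code from the thread or from any TLS implementation, and the server's supported version range is an assumption.

```python
"""Version-tolerant server-side TLS version negotiation (added example).

Versions are (major, minor) tuples as in ClientHello.client_version:
(3, 1) = TLS 1.0, (3, 3) = TLS 1.2. The range below is a constructed
server configuration, not taken from the thread.
"""

TLS_FALLBACK_SCSV = 0x5600  # the signaling cipher suite value {0x56, 0x00}

SERVER_MIN = (3, 1)  # assumed: server accepts TLS 1.0 ...
SERVER_MAX = (3, 3)  # ... up to TLS 1.2


def negotiate_version(client_version, cipher_suites,
                      server_min=SERVER_MIN, server_max=SERVER_MAX):
    """Return (selected_version, None) or (None, fatal_alert_name).

    A client_version above server_max is NOT an error: the server just
    answers with server_max (RFC 5246, Appendix E.1). Aborting in that
    case is the version-intolerant behaviour the message objects to.
    """
    if client_version < server_min:
        # The client offers nothing the server can speak; this is the only
        # situation in which protocol_version is the right answer.
        return None, "protocol_version"

    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max:
        # The client says it is retrying with a lowered version, yet the
        # server supports something higher: treat it as a downgrade attempt
        # (draft-ietf-tls-downgrade-scsv / RFC 7507).
        return None, "inappropriate_fallback"

    # Version-tolerant: cap the client's offer at what the server supports.
    return min(client_version, server_max), None


if __name__ == "__main__":
    # Constructed sample hellos: (client_version, cipher_suites)
    samples = [((3, 4), [0x002F]),                # newer than we know
               ((3, 1), [0x002F, TLS_FALLBACK_SCSV]),  # fallback retry
               ((3, 0), [0x002F])]                # too old
    for version, suites in samples:
        print(version, "->", negotiate_version(version, suites))
```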