Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
Bodo Moeller <bmoeller@acm.org> Wed, 15 October 2014 18:09 UTC
Return-Path: <SRS0=qaHA=7G=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 348391A9036 for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 11:09:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NieZTUdEj3zE for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 11:09:49 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AFB21A902D for <tls@ietf.org>; Wed, 15 Oct 2014 11:09:49 -0700 (PDT)
Received: from mail-yh0-f48.google.com (mail-yh0-f48.google.com [209.85.213.48]) by mrelayeu.kundenserver.de (node=mreue103) with ESMTP (Nemesis) id 0Lnlkd-1Y5XEr2wiV-00hrMP; Wed, 15 Oct 2014 20:09:47 +0200
Received: by mail-yh0-f48.google.com with SMTP id v1so833987yhn.35 for <tls@ietf.org>; Wed, 15 Oct 2014 11:09:45 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.229.164 with SMTP id h34mr4008167yhq.199.1413396585479; Wed, 15 Oct 2014 11:09:45 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 11:09:42 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 11:09:42 -0700 (PDT)
In-Reply-To: <543E9FFA.5030102@redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5438CFEA.7000401@brainhub.org> <543E9435.8000905@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9C9@USMBX1.msg.corp.akamai.com> <543E9C9F.5050104@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9D5@USMBX1.msg.corp.akamai.com> <543E9FFA.5030102@redhat.com>
Date: Wed, 15 Oct 2014 20:09:42 +0200
Message-ID: <CADMpkcLnOh3HGD+urWuo6fPfkX4WfGhwckE0jg5jS2KqD2RuMQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Florian Weimer <fweimer@redhat.com>
Content-Type: multipart/alternative; boundary="001a11c1db2a67895105057a09fe"
X-Provags-ID: V02:K0:SVHlqAr4dlCcn1Z4EI170w6mALi/aMs5r/DU7y/eyKC 37661GjXxBItqM0adgHj6Kjr6rS4Wo/8dq5tNvbwuFxg9lCmQ2 3MNIk6M5GTfLh9My745kyXyMa94JFDX2KF32MCGyg8i+X684tF 3xMdnc+CPVcQWRv03/5xF5BoVz1plkzM9qvmng3nWV3pdccy1O 20GmAwp3n5+Yolu6hXSKUAtdvD5dYjcO/aShz4MWzJrIwVEcgU YdAxnMrV32H7Frcnpa3HxUY865jhqoZw2dKNhMJwe97FBdvvSV WxzivnchBh+hCWDCYheHIrB0ugfy7ccCQ9M3QRgpUHnZyA8WOO pZ4fcUaxizzwB0dwrO4zMfbOXh2NPGPKDO7TxCkjwFgPV+vpiL i0PTH1sCMWZ6hvpACN8qnxrvXP342V2ODsFeuSw0hKcqaDxQ8/ oQHLb
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/oCk7_Nlod5vUlOTxLniIRB6iZ3s
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 18:09:50 -0000
"Florian Weimer" <fweimer@redhat.com>: > *) Deploying an SCSV-enabled browser to users on an intercepting network will largely knock these users off the net (assuming that SCSV support is widely deployed in public-facing TLS termination), so such attacks are hopefully very isolated, or else it's not possible to deploy this feature in browsers. Thanks for the value proposition, by the way :-) Preventing such attacks, of course, is what we consider a feature. Google servers support the SCSV, and so does the Chrome browser; so we have the required real-life experience indicating that deploying the SCSV is practical. Bodo
- [TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Fabrice
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Hanno Böck
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Hanno Böck
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Tom Ritter
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Fahima Ahmed Khan Etha
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Henrik Grubbström
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Peter Gutmann
- Re: [TLS] Working Group Last Call for draft-ietf-… Adam Langley
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: W… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Jeffrey Walton
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Marsh Ray
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Martin Thomson
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Yuhong Bao
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Hubert Kario
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Salz, Rich
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Salz, Rich
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Marsh Ray
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: R… Andrei Popov
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Rob Stradling
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Ilari Liusvaara
- Re: [TLS] Working Group Last Call for draft-ietf-… Bill Frantz
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Brian Smith
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Brian Smith
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Andrei Popov
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] The TLS_FALLBACK_SCSV time bomb Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Andrey Jivsov
- Re: [TLS] Working Group Last Call for draft-ietf-… Daniel Kahn Gillmor
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Florian Weimer
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller