Re: [TLS] Analysis of Interop scenarios TLS extension RI w/MCSV

Nelson B Bolyard <nelson@bolyard.me> Fri, 11 December 2009 03:08 UTC

Return-Path: <nelson@bolyard.me>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6EFDC3A67F2 for <tls@core3.amsl.com>; Thu, 10 Dec 2009 19:08:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.525
X-Spam-Level:
X-Spam-Status: No, score=-2.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Il3KPdo4riqW for <tls@core3.amsl.com>; Thu, 10 Dec 2009 19:08:32 -0800 (PST)
Received: from smtpauth14.prod.mesa1.secureserver.net (smtpauth14.prod.mesa1.secureserver.net [64.202.165.39]) by core3.amsl.com (Postfix) with SMTP id A78043A682E for <tls@ietf.org>; Thu, 10 Dec 2009 19:08:25 -0800 (PST)
Received: (qmail 11373 invoked from network); 11 Dec 2009 03:08:13 -0000
Received: from unknown (24.5.142.42) by smtpauth14.prod.mesa1.secureserver.net (64.202.165.39) with ESMTP; 11 Dec 2009 03:08:13 -0000
Message-ID: <4B21B79E.8060509@bolyard.me>
Date: Thu, 10 Dec 2009 19:08:14 -0800
From: Nelson B Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre
MIME-Version: 1.0
To: tls@ietf.org
References: <200912110255.nBB2tE1V027686@fs4113.wdf.sap.corp>
In-Reply-To: <200912110255.nBB2tE1V027686@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Analysis of Interop scenarios TLS extension RI w/MCSV
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 03:08:33 -0000

On 2009-12-10 18:55 PST, Martin Rex wrote:
> Nelson B Bolyard wrote:
>>>>> That is interesting information. Would you happen to have a copy of the
>>>>> last "official" spec you can send me?
>>>> Netscape's official SSLv3 spec as of 2005:
>>>> http://web.archive.org/web/20050207004652/wp.netscape.com/eng/ssl3/3-SPEC.HTM
>>> That's pretty clear, SSLv3 did not have a provision for extending Client
>>> Hello.
>>>
>>>> As obvious from it's name that spec is a product of the TLS WG and
>>>> the TLS WG decided to completely abandon (instead of publishing as
>>>> informational RFC) that document so that it expired and vanished
>>>> from the I-D repository 6 month later.
>>> Seems like SSLv3 was simultaneously one of the most critical protocols
>>> for net security and orphaned.
>> Stop right there.  Don't be led down the garden path.
>>
>> Look at the parent page.  Look at
>> http://web.archive.org/web/20050205162914/wp.netscape.com/eng/ssl3/


> Keeping an old version of a specification around in a MUCH
> MORE promentiently fashion for 9 years tells a lot about what
> Netscape thought of the draft-302.txt document.

It's not "much more prominent".  It's merely HTML.  Prettier, perhaps.

It amuses me that you tell me what Netscape did and didn't do with those
pages, because *I* was the Netscape employee who maintained that section
of the web site from 1998-2005, beginning when I implemented TLS 1.0
in Netscape's NSS.