Re: [TLS] Fingerprinting weaknesses (was: The risk of misconfiguration)
Alyssa Rowan <akr@akr.io> Wed, 07 May 2014 19:04 UTC
Return-Path: <akr@akr.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0818E1A0362 for <tls@ietfa.amsl.com>; Wed, 7 May 2014 12:04:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oiFvOyJo3dlb for <tls@ietfa.amsl.com>; Wed, 7 May 2014 12:04:16 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) by ietfa.amsl.com (Postfix) with ESMTP id 6A09F1A0298 for <tls@ietf.org>; Wed, 7 May 2014 12:04:16 -0700 (PDT)
Message-ID: <536A83A2.3070701@akr.io>
Date: Wed, 07 May 2014 20:04:02 +0100
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: tls@ietf.org
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <CAK3OfOgYr7d88iuxhXZcos55ymg0i_Q_GHNcXB+w7GRUaEj0bw@mail.gmail.com> <536A67D9.2070302@pobox.com> <CAK3OfOjTehkbKMg40_ZXGXOVjyHHY7UrxLmpyr7Mz00rRo+RLQ@mail.gmail.com> <536A6F8C.7020702@akr.io> <20140507181651.GX27883@mournblade.imrryr.org> <536A7AAE.9030801@akr.io> <20140507184748.GY27883@mournblade.imrryr.org>
In-Reply-To: <20140507184748.GY27883@mournblade.imrryr.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ryE1Vn7feJwrCzs1LMv-2dcuyVQ
Subject: Re: [TLS] Fingerprinting weaknesses (was: The risk of misconfiguration)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 19:04:18 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/05/2014 19:47, Viktor Dukhovni wrote: > This is not a compelling reason to remove protocol capabilities. I think that they are insecure _is_ a compelling reason: we seem simply to disagree on that point. More interestingly: > Cipher-suite signalling is just one of many ways that Mallory can > determine which clients she can attack undetected. I wonder, what other ways are there; and how can we stop them, too? - -- /akr -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTaoOiAAoJEOyEjtkWi2t62/oQAJxVClVxEEZI5xLczaN5pDEN aXZXRwQeXxjA00up/5brurTweXhVvocg43XprsMHf9S/zw+V3TgeaqSejKWjduZR nIS1cRXfxdhaOWrnEHFeZcPRNGUFLzgq5nlt4/jRWsl475XCExdcSfbuFGgG27mr BKLWcxc+N0W3ZNLdz8LRJk1y+NRd9vNGHW9j2i+pYOo2eBYS91dADlS/YavnDQOz P6SQv/OPEfYWscaejWiC/1dgMx2OplSMzk5vAuNmnoRTJyMSoakUBDqYdxH1UxQ1 cOWjGiIE+bTAfe0rUQ7xVkMiBGuwthuX3tuRH+p5Y27z2pEKk47sYZ5ExSh7BS6V 4wlEUirfgNyuULrckCiridXK7RVU33Nw/WD234+w30GDL+ExGX3qTi1/mNMlHH8C hPzkCAOjkc+HJVfAqqlrW4EQvGMLx9FdjCD2wgJ6yslTYL8AmTmOrS3AMRGLL+pu Bop8tHxa+LCf8kEOlMkBzJQ0KmeYyQaKd2CunCl45cYiyNlL1mURlKe/NrXChmKP IptNwbwIQGXQ0xz8x+0+FSs9/48NyLNtZddbtor0Od/YkzwR0YtKRCW6HDTa4ajg Z1qsBuDpsacOxj4iXYKo2vV7RGJImxQ6yIEQdsHgGeSxLW3Kgsg7fpAOwUW6F93d LI7e/RyQooysl5kJ/MTx =czh+ -----END PGP SIGNATURE-----
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration James Cloos
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Andrei Popov
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Ralph Holz
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Fedor Brunner
- Re: [TLS] The risk of misconfiguration Nikos Mavrogiannopoulos
- Re: [TLS] The risk of misconfiguration Warren Kumari
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Salz, Rich
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Yoav Nir
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Martin Rex
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Martin Thomson
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Russ Housley
- Re: [TLS] The risk of misconfiguration Bill Frantz
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Daniel Kahn Gillmor
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration (Muphry's … Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni