Re: [TLS] checking on an scsv point

Martin Thomson <martin.thomson@gmail.com> Tue, 17 February 2015 23:49 UTC

In-Reply-To: <20150217231046.517061B1B1@ld9781.wdf.sap.corp>
References: <CABkgnnW+HpGuKq5BZo+OAeF_p00sWqccPk5bcsWJ-obKNU-7eg@mail.gmail.com> <20150217231046.517061B1B1@ld9781.wdf.sap.corp>
Date: Wed, 18 Feb 2015 10:49:39 +1100
Message-ID: <CABkgnnWywGzhpvN3-Brjt_DRYQSm7db7=v0wE0exNPaSNjqKpA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "mrex@sap.com" <mrex@sap.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vV1p4Uo8CmooQNti-HikA8Xk134>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] checking on an scsv point

On 18 February 2015 at 10:10, Martin Rex <mrex@sap.com> wrote:
> But that is a question for the apps on top rather than for NSS.

I have access to one of those as well.  That implementation would
consider the failure to be *another* sign of version intolerance,
triggering further fallback.  If the pattern of version+1 responses
continues, and I expect it to, it will reset any version intolerance
state after exhausting all the options.

Of course, that implementation is about to disable fallback, so the
window of applicability is extremely narrow in that case.