Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
Dave Garrett <davemgarrett@gmail.com> Mon, 29 December 2014 20:32 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDA5C1A8AD7 for <tls@ietfa.amsl.com>; Mon, 29 Dec 2014 12:32:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WP9JW5e350yE for <tls@ietfa.amsl.com>; Mon, 29 Dec 2014 12:32:43 -0800 (PST)
Received: from mail-qc0-x22a.google.com (mail-qc0-x22a.google.com [IPv6:2607:f8b0:400d:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1967E1A8AEB for <tls@ietf.org>; Mon, 29 Dec 2014 12:32:43 -0800 (PST)
Received: by mail-qc0-f170.google.com with SMTP id x3so9985562qcv.29 for <tls@ietf.org>; Mon, 29 Dec 2014 12:32:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; bh=n57PPar5nI3zS8quVmj+cSMYGGejtqMQ50UPC7fgqxQ=; b=vzEUkHROESGerMo+j7JNOHZ9h+oJ/r6yJlW9oEuQnGrM7/7hyp7AHG05FEwCdPJa4l TZd6FaosVQPb4Sm5ZMdzv3+2TOsKZJD2tA1W6jySlMbmYunmCEC7ZKyNIl+Iu4ppYWvQ 60AiaFOtx+YUaE/CNVXuekUVO5Ye/RaqNK9V+j+9/8CfKKYJ3FFNadaZZP2xdycQOyh4 Ei0JhBsPHJ9KBonc28i+Kf2KR8Vt7O+VkDy6zjQe3bdxD7mbZ4wMsqPR5esh2jvQzkB7 E6M8gD2AJ9mgyXiLYiAEbvKzWNBP3s9zwuChOc3y/HyZxEylFNlFGiT6v4U05vqhkbhS F6wg==
X-Received: by 10.224.112.9 with SMTP id u9mr85908795qap.18.1419885162214; Mon, 29 Dec 2014 12:32:42 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-78-212-218.phlapa.fios.verizon.net. [72.78.212.218]) by mx.google.com with ESMTPSA id r16sm34361193qay.10.2014.12.29.12.32.41 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 29 Dec 2014 12:32:41 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: mrex@sap.com, "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Date: Mon, 29 Dec 2014 15:32:39 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-66-generic-pae; KDE/4.4.5; i686; ; )
References: <20141229192657.A288B1B0B6@ld9781.wdf.sap.corp> <201412291528.11915.davemgarrett@gmail.com>
In-Reply-To: <201412291528.11915.davemgarrett@gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201412291532.39846.davemgarrett@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xiDBrKdcuy6_rNfUKTN_vFCJyDM
Subject: Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Dec 2014 20:32:45 -0000
On Monday, December 29, 2014 03:28:11 pm Dave Garrett wrote: > On Monday, December 29, 2014 02:26:57 pm Martin Rex wrote: > > A SSL Version 2.0 CLIENT-HELLO offering TLSv1.2 is perfectly sufficient > > to negotiate the mandatory-to-implement TLSv1.2 TLS cipher suite: > > https://tools.ietf.org/html/rfc5246#section-9 > > Wrong reference? That's just the MTI cipher. SSL2 compatibility in TLS 1.2 > is here: > https://tools.ietf.org/html/rfc5246#appendix-E.2 Sorry, misunderstanding what you were referencing there. The backwards compatibility is in the appendix. The MTI cipher _itself_ is in section 9. Dave
- [TLS] drop obsolete SSL 2 backwards compatibility… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Brian Smith
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yoav Nir
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yuhong Bao
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yoav Nir
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- [TLS] explicitly specify ClientHello record versi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Kurt Roeckx
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Jeffrey Walton
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Kurt Roeckx
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Hauke Mehrtens
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yoav Nir
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Fabrice
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Brian Smith
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Brian Smith
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Brian Smith
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Kurt Roeckx
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Hauke Mehrtens
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Kurt Roeckx
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Salz, Rich
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Watson Ladd
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Martin Rex
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Martin Thomson
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Martin Rex
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Peter Gutmann
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Brian Smith
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Martin Rex
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Salz, Rich
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yuhong Bao
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Florian Weimer
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Florian Weimer
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Daniel Kahn Gillmor
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yuhong Bao
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Andrei Popov
- [TLS] Downgrade Dance steps (Re: drop obsolete SS… Martin Rex
- Re: [TLS] Downgrade Dance steps (Re: drop obsolet… Dave Garrett
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yuhong Bao
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Martin Rex
- Re: [TLS] drop obsolete SSL 2 backwards compatibi… Yuhong Bao