Re: [TLS] Analysis of Interop scenarios TLS extension RI w/MCSV
Nelson B Bolyard <nelson@bolyard.me> Fri, 11 December 2009 22:41 UTC
Return-Path: <nelson@bolyard.me>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 456D93A67F6 for <tls@core3.amsl.com>; Fri, 11 Dec 2009 14:41:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.526
X-Spam-Level:
X-Spam-Status: No, score=-2.526 tagged_above=-999 required=5 tests=[AWL=0.073, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1xoC56sieGB for <tls@core3.amsl.com>; Fri, 11 Dec 2009 14:41:32 -0800 (PST)
Received: from smtpauth13.prod.mesa1.secureserver.net (smtpauth13.prod.mesa1.secureserver.net [64.202.165.37]) by core3.amsl.com (Postfix) with SMTP id 092AD3A67FB for <tls@ietf.org>; Fri, 11 Dec 2009 14:41:31 -0800 (PST)
Received: (qmail 2724 invoked from network); 11 Dec 2009 22:41:19 -0000
Received: from unknown (24.5.142.42) by smtpauth13.prod.mesa1.secureserver.net (64.202.165.37) with ESMTP; 11 Dec 2009 22:41:19 -0000
Message-ID: <4B22CA88.7030007@bolyard.me>
Date: Fri, 11 Dec 2009 14:41:12 -0800
From: Nelson B Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre
MIME-Version: 1.0
To: tls@ietf.org
References: <200912111458.nBBEwPFR008154@fs4113.wdf.sap.corp>
In-Reply-To: <200912111458.nBBEwPFR008154@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Analysis of Interop scenarios TLS extension RI w/MCSV
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 22:41:33 -0000
On 2009-12-11 06:58 PST, Martin Rex wrote: > Nelson B Bolyard wrote: >>> Keeping an old version of a specification around in a MUCH >>> MORE promentiently fashion for 9 years tells a lot about what >>> Netscape thought of the draft-302.txt document. >> It's not "much more prominent". It's merely HTML. Prettier, perhaps. > > > Let's see: > > The following URL says "SPEC": > http://web.archive.org/web/20050207004652/wp.netscape.com/eng/ssl3/3-SPEC.HTM > > This URL says "Draft": > http://web.archive.org/web/20050206122938/wp.netscape.com/eng/ssl3/draft302.txt > > and includes an _explicit_ expiration of May 1997. Yes, all the drafts expired, including the one that says "spec". > And concerning extensibility of SSLv3, here's a statement > from Tom Weinstein, listed in the Authors section of the > Nov 18th, 1996 draft as a Netscape employee from > 10-Oct-1996: > > http://www.imc.org/ietf-tls/mail-archive/msg00325.html > > The lack of a general extension mechanism in SSL v3 is a feature, not a > bug. This is a security protocol, and so susceptibility to analysis is > a good thing. Simplicity and rigidity are features here. SSL does > provide for forwards compatibility by allowing version negotiation and > protection from version rollback attacks. > > -Tom Weinstein, Netscape, 10-Oct-1996, Co-Author of draft302.txt Tom and I shared a cubicle. His brother Jeff sat in the next cubicle over. One of my first mistakes in working on NSS's SSL code was changing the code for handling received client hellos to require that the length of the message be exact, with no extra. Tom caught this mistake in his review of my patch. That was one of my first lessons learned in working on SSL in 1997. > So as far as Netscape's SSLv3 is concerned it didn't not contain > extensibility. In your opinion. If you wish, you may continue to try to get the last word in on this subject, but I think the group decision will not be based on who gets the last word. >> It amuses me that you tell me what Netscape did and didn't do with those >> pages, because *I* was the Netscape employee who maintained that section >> of the web site from 1998-2005, beginning when I implemented TLS 1.0 >> in Netscape's NSS. > > You could have removed the explicit expiration notice on draft302.txt > and you could have renamed it to "3.0 final SPEC", you could have > removed the version that you condered outdated--or at least clearly > marked it as outdated _in_the_document_ if that was what you or > Netscape intended it to be. I consciously chose to make NO changes at all to any of those documents, lest anyone accuse Netscape of continuing to try to revise the SSL 3.0 specification rather than (or in parallel with) adopting the TLS 1.0 specification.
- [TLS] Analysis of Interop scenarios TLS extension… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Marsh Ray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Michael Gray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Marsh Ray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Dieter Bratko
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Marsh Ray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Nelson B Bolyard
- Re: [TLS] Analysis of Interop scenarios TLS exten… Nelson B Bolyard
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Nelson B Bolyard
- Re: [TLS] Analysis of Interop scenarios TLS exten… David-Sarah Hopwood
- Re: [TLS] Analysis of Interop scenarios TLS exten… Michael Gray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Marsh Ray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… David-Sarah Hopwood
- Re: [TLS] Analysis of Interop scenarios TLS exten… tom.petch
- Re: [TLS] Analysis of Interop scenarios TLS exten… Nelson B Bolyard
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Nelson B Bolyard
- Re: [TLS] Analysis of Interop scenarios TLS exten… Steve Checkoway
- [TLS] Black hole was Re: Analysis of Interop scen… tom.petch
- Re: [TLS] Analysis of Interop scenarios TLS exten… Michael Gray
- Re: [TLS] Analysis of Interop scenarios TLS exten… David-Sarah Hopwood
- Re: [TLS] Analysis of Interop scenarios TLS exten… Michael Gray
- Re: [TLS] Analysis of Interop scenarios TLS exten… Pasi.Eronen
- Re: [TLS] Black hole was Re: Analysis of Interop … Martin Rex
- Re: [TLS] Black hole was Re: Analysis of Interop … Pasi.Eronen
- Re: [TLS] Black hole was Re: Analysis of Interop … Martin Rex
- Re: [TLS] Black hole was Re: Analysis of Interop … Bill Frantz
- Re: [TLS] Analysis of Interop scenarios TLS exten… Martin Rex
- Re: [TLS] Analysis of Interop scenarios TLS exten… Marsh Ray