Re: [TLS] TLS Protocol Version

[Martin Rex <mrex at sap.com>]

Blumenthal, Uri - 0662 - MITLL wrote:
> 
> After following this discussion for a while, I can say that I too
> am against fooling around with protocol version number
> (or with re-purposing an existing field). A clean extension-based
> solution is what's needed. And if SSLv3 can't/won't support it - so be it.

This is definitely not about fooling around.
It is strictly about compressing the information in the
ServerHello.server_version field while it travels the network
in a fashion that the client will understand perfectly well.

I expect that we will want to make the protected renegotiation
part of the TLSv1.3 base spec, and will prohibit the use of the
unprotected TLS renegotiation if the protocol version TLSv1.3
is negotiated.

So it is actually the exact same position in the client code
(parsing of ServerHello) that will decide when secure renegotiation
is used there.

   if ( 0!=(ServerHello.server_version & PATCHED_RENEGO_FLAG) )
        || (ServerHello.server_version & ~PATCHED_RENEGO_FLAG) >= TLSv13 ) {
      s->use_secure_renegotiation = TRUE;
   }

So it is a very good and the most natural place.

We are definitely changing an essential part of the protocol.
But we are also changing it orthogonal to regular TLS-versioning,
i.e. were _NOT_ creating TLSv1.3, but instead we are creating
modified protocol versions of  SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2


What exactly is you problem with sacrificing a bit of the
server_version network encoding(!) in order to signal a protocol
change that is orthogonal to TLS protocol versioning?


-Martin