Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item

Sean Turner <turners@ieca.com> Wed, 06 October 2010 16:40 UTC

Message-ID: <4CACA6A6.3000906@ieca.com>
Date: Wed, 06 Oct 2010 12:41:10 -0400
From: Sean Turner <turners@ieca.com>
To: mrex@sap.com
References: <E1Ovj4f-0007mZ-4a@wintermute02.cs.auckland.ac.nz> <201009151926.o8FJQjWp009193@fs4113.wdf.sap.corp> <8762y55r3c.fsf@mocca.josefsson.org>
In-Reply-To: <8762y55r3c.fsf@mocca.josefsson.org>
Cc: Simon Josefsson <simon@josefsson.org>, tls@ietf.org

Simon Josefsson wrote:
> Martin Rex <mrex@sap.com> writes:
> 
>> Peter Gutmann wrote:
>>> Martin Rex <mrex@sap.com> writes:
>>>
>>>> Personally I can not think of a reason to move away from what rfc-5246
>>>> appendix E.2 says.
>>> I can.  That language has been in there more or less forever, and it's had
>>> pretty much zero effect in encouraging implementations to drop the SSLv2
>>> handshake (some implementations gradually have over time, but probably not
>>> because of text that says "well, you know, it would be really uncool if you
>>> kept sending SSLv2 hellos for the next twenty years").  Without a clear MUST
>>> NOT for the server to finally get clients to switch off SSLv2 hellos, we're
>>> never going to get rid of these things.
>>  client MUST NOT negotiate or use SSL 2.0  is fine with me
>>  client MUST NOT send SSL 2.0 CLIENT-HELLO is fine with me
>>  server MUST NOT negotiate or use SSL 2.0  is fine with me
>>
>> but
>>
>>  server SHOULD NOT accept SSL 2.0 CLIENT-HELLO as the first message
>>  of a TLS handshake is not sensible and is in clear
>>  conflict with rfc2119 section 6.
> 
> This is exactly my preference too.  Thanks for expressing it so clearly.

I'll update the section to have the three bullets Martin listed above 
(without the "is fine with me" of course).

spt
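The three bullets above all turn on what a server sees on the wire: an SSL 2.0 CLIENT-HELLO is a different record format from a TLS ClientHello, and the "accept the v2 hello form but never negotiate SSL 2.0" distinction is a decision the server takes on the first bytes it reads. The following is an added example, not code from the thread or from any of the participants' implementations: it classifies the first message using the V2ClientHello layout in RFC 5246 Appendix E.2 (2-byte header with the high bit set, cipher specs of three bytes where {0x00, CipherSuite} carries a TLS suite), parses it, and applies either the strict policy (refuse the v2 hello format outright) or the tolerant one (take the hello, but still refuse to negotiate SSL 2.0). All sample messages, and the helper names, are constructed here for illustration.

```python
"""Added example (not from the thread): distinguish an SSL 2.0 CLIENT-HELLO from a
TLS ClientHello at the start of a handshake, and apply the server policy under
discussion.  Record layouts follow RFC 5246 Appendix E.2; all sample bytes and
function names below are constructed for illustration."""
import struct
from dataclasses import dataclass

SSL2_MSG_CLIENT_HELLO = 0x01      # SSL 2.0 message type CLIENT-HELLO
TLS_CONTENT_HANDSHAKE = 0x16      # TLS record ContentType handshake
TLS_HS_CLIENT_HELLO = 0x01        # TLS HandshakeType client_hello


@dataclass
class V2ClientHello:
    client_version: tuple          # (major, minor) the client claims to support
    cipher_specs: list             # 3-byte V2CipherSpec values as tuples
    session_id: bytes
    challenge: bytes


def classify_first_message(data: bytes) -> str:
    """Return 'tls', 'sslv2' or 'unknown' for the first bytes a server reads.

    A TLS record starts 0x16 0x03 (content type, version major) with the
    handshake type at offset 5.  A 2-byte-header SSL 2.0 record has the high
    bit of byte 0 set and the message type at offset 2.  They cannot collide,
    because 0x16 has the high bit clear."""
    if (len(data) >= 6 and data[0] == TLS_CONTENT_HANDSHAKE and data[1] == 0x03
            and data[5] == TLS_HS_CLIENT_HELLO):
        return "tls"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == SSL2_MSG_CLIENT_HELLO:
        return "sslv2"
    return "unknown"


def parse_v2_client_hello(data: bytes) -> V2ClientHello:
    """Parse the E.2 V2ClientHello form (2-byte header, no padding byte)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a 2-byte SSL 2.0 record header")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated SSL 2.0 record")
    if len(body) < 9 or body[0] != SSL2_MSG_CLIENT_HELLO:
        raise ValueError("not an SSL 2.0 CLIENT-HELLO")
    version = (body[1], body[2])
    cs_len, sid_len, ch_len = struct.unpack(">HHH", body[3:9])
    if cs_len % 3 or 9 + cs_len + sid_len + ch_len != len(body):
        raise ValueError("length fields do not match record length")
    off = 9
    specs = [tuple(body[off + i:off + i + 3]) for i in range(0, cs_len, 3)]
    off += cs_len
    session_id = body[off:off + sid_len]
    off += sid_len
    return V2ClientHello(version, specs, session_id, body[off:off + ch_len])


def tls_suites_from_v2_specs(specs) -> list:
    """Keep only specs of the form {0x00, CipherSuite}; genuine SSL 2.0 ciphers
    (first byte != 0x00) have no TLS equivalent and are dropped."""
    return [(s[1] << 8) | s[2] for s in specs if s[0] == 0x00]


def server_decision(data: bytes, accept_v2_hello: bool = False) -> str:
    """'accept' or 'reject' for the first message of a handshake.

    accept_v2_hello=False is the strict policy: the SSL 2.0 CLIENT-HELLO format
    itself is refused.  With accept_v2_hello=True the hello format is tolerated,
    but the server still must not negotiate SSL 2.0, so a client_version below
    3.0 or a hello carrying no TLS cipher suite is refused as well."""
    kind = classify_first_message(data)
    if kind == "tls":
        return "accept"
    if kind != "sslv2" or not accept_v2_hello:
        return "reject"
    hello = parse_v2_client_hello(data)
    if hello.client_version < (3, 0) or not tls_suites_from_v2_specs(hello.cipher_specs):
        return "reject"
    return "accept"


def build_v2_client_hello(version, specs, challenge: bytes) -> bytes:
    """Constructed encoder for the V2ClientHello form (empty session_id)."""
    cs = b"".join(bytes(s) for s in specs)
    body = (bytes([SSL2_MSG_CLIENT_HELLO, *version])
            + struct.pack(">HHH", len(cs), 0, len(challenge)) + cs + challenge)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


# Constructed samples.  SAMPLE_V2 is a v2-format hello from a TLS 1.0 client offering
# TLS_RSA_WITH_AES_128_CBC_SHA (0x002F), the SSL2-only SSL_CK_RC4_128_WITH_MD5
# (0x010080) and TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A).  SAMPLE_V2_ONLY is a real
# SSL 2.0 client (version 0.2, SSL2 cipher only).  SAMPLE_TLS is a plain TLS record.
SAMPLE_V2 = build_v2_client_hello((3, 1), [(0, 0, 0x2F), (1, 0, 0x80), (0, 0, 0x0A)], b"\x11" * 16)
SAMPLE_V2_ONLY = build_v2_client_hello((0, 2), [(1, 0, 0x80)], b"\x22" * 16)
_tls_hs_body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x04\x00\x2f\x00\x0a" + b"\x01\x00"
SAMPLE_TLS = (b"\x16\x03\x01" + struct.pack(">H", 4 + len(_tls_hs_body))
              + b"\x01" + len(_tls_hs_body).to_bytes(3, "big") + _tls_hs_body)

if __name__ == "__main__":
    for name, msg in ("v2 hello", SAMPLE_V2), ("pure SSL2", SAMPLE_V2_ONLY), ("tls", SAMPLE_TLS):
        print(name, classify_first_message(msg), server_decision(msg), server_decision(msg, True))
```

Under the strict policy both v2-format samples are rejected before any parsing happens, which is the point of a MUST NOT on the format: the server never has to reason about what the hello contains. Under the tolerant policy the parser still has to enforce "MUST NOT negotiate SSL 2.0" separately, which is exactly the extra case a spec that only says SHOULD NOT leaves every implementer to get right on their own.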