ietf
[Top] [All Lists]

Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>

2015-01-22 10:14:12
On Thu, Jan 22, 2015 at 12:07 PM, Hubert Kario <hkario(_at_)redhat(_dot_)com> 
wrote:
On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:
Martin Rex wrote:
Rubber-Stamping the fallback-scsv hack onto the standards track is
IMHO a very bad idea.

I apologize if this has been discussed before (I have about 1400
unread TLS mailing list messages in my queue), but it seems that
a simpler SCSV or extension could just ask the server to echo its
highest supported version:

     ClientHello w/SCSV    ----->
                           <-----    ServerHello w/version extension

that's not allowed by the RFC's, the server can send back only the extension
id's client has sent

Not quite; cf RFC 5746 (Renegotiation Indication Extension), where the
client may use the SCSV TLS_EMPTY_RENEGOTIATION_INFO_SCSV instead of
the renegotiation_info extension in its ClientHello, but the server
will reply with the renegotiation_info extension.

/grubba

-- 
Henrik Grubbström                                       
grubba(_at_)grubba(_dot_)org
Roxen Internet Software AB                              
grubba(_at_)roxen(_dot_)com


<Prev in Thread] Current Thread [Next in Thread>