Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>

ietf

Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>

2015-01-22 10:17:18

On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:

Martin Rex wrote:

Rubber-Stamping the fallback-scsv hack onto the standards track is
IMHO a very bad idea.


I apologize if this has been discussed before (I have about 1400
unread TLS mailing list messages in my queue), but it seems that
a simpler SCSV or extension could just ask the server to echo its
highest supported version:

     ClientHello w/SCSV    ----->
                           <-----    ServerHello w/version extension


that's not allowed by the RFC's, the server can send back only the extension 
id's client has sent

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, (continued) Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Nikos Mavrogiannopoulos Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Bodo Moeller RE: Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Salz, Rich Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Colm MacCárthaigh Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Hanno Böck Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Adam Langley Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Brian Smith Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Martin Rex Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Martin Rex Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Michael D'Errico Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Hubert Kario <= Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Henrik Grubbström Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Eric Rescorla Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Bodo Moeller Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Jeffrey Walton Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Yoav Nir Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Bodo Moeller RE: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Yuhong Bao RE: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Yuhong Bao RE: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Andrei Popov Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Watson Ladd

Previous by Date:	Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Henrik Grubbström
Next by Date:	Re: 2015-2016 IETF NomCom Chair Announcement, Michael Richardson
Previous by Thread:	Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Michael D'Errico
Next by Thread:	Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>, Henrik Grubbström
Indexes:	[Date] [Thread] [Top] [All Lists]