Re: [TLS] Downgrade protection, fallbacks, and server time

2016-06-01 Thread Martin Thomson
On 2 June 2016 at 08:56, Eric Rescorla wrote:
>> (Although, do we actually get the stronger protection if the client
>> accepts plain RSA key exchange? I've never been very clear on that.
>> Realistically, clients will be accepting plain RSA for a long while.)
>
>
> Yes, that's

[TLS] tls - Update to a Meeting Session Request for IETF 96

2016-06-01 Thread "IETF Meeting Session Request Tool"
An update to a meeting session request has just been submitted by Sean Turner, a Chair of the tls working group.
Working Group Name: Transport Layer Security
Area Name: Security Area
Session Requester: spt
Number of Sessions: 1
Length

Re: [TLS] Downgrade protection, fallbacks, and server time

2016-06-01 Thread David Benjamin
On Wed, Jun 1, 2016 at 6:43 PM Eric Rescorla wrote:
> 2% is actually pretty good, but I agree that we're going to need fallback.
>
> I'd be fine with moving the 8 bytes to the end, but I wonder if it would
> be better to
> instead have the *client* indicate its max version and the

Re: [TLS] Downgrade protection, fallbacks, and server time

2016-06-01 Thread Eric Rescorla
2% is actually pretty good, but I agree that we're going to need fallback. I'd be fine with moving the 8 bytes to the end, but I wonder if it would be better to instead have the *client* indicate its max version and the server check. That would have the advantage that it would leave more of the

[TLS] Downgrade protection, fallbacks, and server time

2016-06-01 Thread David Benjamin
In case folks hoped we could bump the ClientHello version without those dreaded browser fallbacks, I have bad news. :-( 1.3 intolerance very much exists. (Maybe we should just give up on ClientHello.version and use an extension? Extensions have rusted less.) I picked a large list of top sites and

[TLS] tls - New Meeting Session Request for IETF 96

2016-06-01 Thread "IETF Meeting Session Request Tool"
A new meeting session request has just been submitted by Joseph A. Salowey, a Chair of the tls working group.
Working Group Name: Transport Layer Security
Area Name: Security Area
Session Requester: J. Salowey
Number of Sessions: 1