Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On 3 June 2016 at 01:07, David Benjamin wrote: > But reality is what it is. The Law of the Internet is the last thing that > changed is blamed. We have a limited "budget" we can spend breaking things > (otherwise I'd have removed almost everything by now!) and there is no >

Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Thursday 02 June 2016 15:22:03 David Benjamin wrote: > On Thu, Jun 2, 2016 at 11:07 AM David Benjamin > wrote: > > On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote: > >> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > >> > > On 2 Jun 2016, at

Re: [TLS] Downgrade protection, fallbacks, and server time

> On Jun 2, 2016, at 11:16 AM, David Benjamin wrote: > > I've mused on something like that (I was the main driver behind painstakingly > removing the existing version fallback in Chrome), but I don't think > non-determinism is a good idea. Site owners need to be able to

Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Thursday 02 June 2016 15:07:53 David Benjamin wrote: > On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote: > > On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > > > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos > > > > wrote:> > > > > > > > > On

Re: [TLS] Downgrade protection, fallbacks, and server time

On Thu, Jun 2, 2016 at 11:20 AM Hubert Kario wrote: > > > Speaking of version number, does the text say that a server _MUST_ > > > accept any version higher than the one that is specified in the RFC, > > > but reply with 0x03,0x04 in case it doesn't support any future > > >

Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Thu, Jun 2, 2016 at 11:07 AM David Benjamin wrote: > On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote: > >> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: >> > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos >> > > wrote:>

Re: [TLS] Downgrade protection, fallbacks, and server time

On Thursday 02 June 2016 14:49:52 David Benjamin wrote: > On Thu, Jun 2, 2016 at 6:40 AM Hubert Kario wrote: > > On Wednesday 01 June 2016 22:29:06 David Benjamin wrote: > > > In case folks hoped we could bump the ClientHello version without > > > those dreaded browser

Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote: > On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos > > > wrote:> > > > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote: > > >> 2% is actually

Re: [TLS] Downgrade protection, fallbacks, and server time

> On Jun 2, 2016, at 10:49 AM, David Benjamin wrote: > > I'm not sure I follow. The specification certainly spells out how version > negotiation is supposed to work. That hasn't stopped servers from getting it > wrong. Fundamentally this is the sort of thing where bugs

Re: [TLS] Downgrade protection, fallbacks, and server time

On Thu, Jun 2, 2016 at 6:40 AM Hubert Kario wrote: > On Wednesday 01 June 2016 22:29:06 David Benjamin wrote: > > In case folks hoped we could bump the ClientHello version without > > those dreaded browser fallbacks, I have bad news. :-( 1.3 intolerance > > very much exists.

Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos > > wrote:> > > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote: > >> 2% is actually pretty good, but I agree that we're going to need > >> fallback. > > > > Please

[TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote: > 2% is actually pretty good, but I agree that we're going to need > fallback. Please not. Lets let these fallbacks die. Not every client is a browser. TLS 1.3 must be a protocol which doesn't require hacks to operate. CBC was removed, lets