Hi Yaron, Thanks for the response. My point remains: why treat TLS 1.0 differently to SSL 3.0 if they have the same security characteristics? Why is fallback to TLS 1.0 OK, but SSL 3.0 not? The only rationale I can think of is, given their similarity, the odds of success with SSL 3.0 if TLS 1.0 fails are slim, but that seems a weak case for prohibition.
Trevor

-----Original Message-----
From: Yaron Sheffer [mailto:[email protected]]
Sent: Sunday, July 06, 2014 12:29 PM
To: Trevor Freeman; [email protected]
Subject: Re: [Uta] TLS BCP 01 Draft

Adding some data to my previous mail: As of Jan. 2014, 65% of the top 1M Web servers did not speak TLS 1.1 or 1.2 [1]. So while we should move implementations to TLS 1.2 (as we do in this draft), it is probably too early to mandate against the fallback to TLS 1.0.

Thanks,
Yaron

[1] https://jve.linuxwall.info/blog/index.php?post/TLS_Survey

On 07/06/2014 10:09 PM, Yaron Sheffer wrote:
> Hi Trevor, thanks for your review. Please see my comments in line.
>
> On 06/30/2014 09:11 PM, Trevor Freeman wrote:
>> General Comments.
>> [...]
>>
>> Section 3.2 still treats SSL 3.0 differently to TLS 1.0. Why is it ok
>> to fall back to TLS 1.0 but not SSL 3.0 if both offer the same security?
>
> This is a good question. I believe the answer is, because much of the
> server population still only supports TLS 1.0, and if we recommend
> otherwise, the recommendation will be ignored for (justified)
> interoperability reasons. But I may be wrong about the prevalence of
> such servers.
> [...]

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
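The fallback policy the thread is arguing about (retry at lower versions when a handshake fails, with TLS 1.0 as the floor and SSL 3.0 never offered) written out as an added Python example. This is editor-added illustration code, not part of either message or of the BCP draft. The server is simulated in-process with constructed ServerHello bytes in which only the version field matters; the version codes and record layout are the standard TLS wire values, while the `intolerant` flag is an assumed model of a server that aborts on an offer newer than it understands rather than negotiating down. The client also refuses a ServerHello that names a version below the floor, covering a server (or middlebox) that answers a TLS 1.0 offer with SSL 3.0.

```python
"""Version-fallback client policy: retry with lower versions on handshake
failure, but never offer or accept anything below a configured floor.
All server behaviour here is simulated in-process with constructed data."""

# Protocol version numbers as carried on the wire: (major, minor).
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)
TLS_1_1 = (3, 2)
TLS_1_2 = (3, 3)
NAMES = {SSL_3_0: "SSL 3.0", TLS_1_0: "TLS 1.0",
         TLS_1_1: "TLS 1.1", TLS_1_2: "TLS 1.2"}

HANDSHAKE_RECORD = 0x16   # record-layer ContentType handshake
SERVER_HELLO = 0x02       # HandshakeType server_hello


def build_server_hello(version):
    """Build a minimal ServerHello record for the simulated server
    (constructed: zero random, empty session id, one cipher suite, null
    compression). Only the server_version field is inspected by the client."""
    body = (bytes(version)           # server_version
            + b"\x00" * 32           # random
            + b"\x00"                # session_id length 0
            + b"\x00\x2f"            # cipher_suite TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x00")               # compression_method null
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([HANDSHAKE_RECORD]) + bytes(version)
            + len(handshake).to_bytes(2, "big") + handshake)


def parse_server_hello_version(record):
    """Return the server_version from a ServerHello record, or None if the
    bytes are not a well-formed ServerHello."""
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        return None
    length = int.from_bytes(record[3:5], "big")
    handshake = record[5:5 + length]
    if len(handshake) < 6 or handshake[0] != SERVER_HELLO:
        return None
    body_len = int.from_bytes(handshake[1:4], "big")
    if body_len < 2 or len(handshake) - 4 < body_len:
        return None
    return (handshake[4], handshake[5])


class SimulatedServer:
    """Server that supports a fixed set of versions (assumed model, not a
    real TLS stack). A version-intolerant server aborts when the client's
    offer is newer than anything it supports, which is what forces clients
    into fallback; a tolerant one negotiates the highest supported version
    not above the client's offer."""

    def __init__(self, supported, intolerant=True):
        self.supported = set(supported)
        self.intolerant = intolerant

    def handshake(self, client_max):
        if self.intolerant and client_max > max(self.supported):
            return None                      # aborts on an unknown newer version
        candidates = [v for v in self.supported if v <= client_max]
        if not candidates:
            return None                      # nothing in common
        return build_server_hello(max(candidates))


def connect_with_fallback(server, floor=TLS_1_0,
                          order=(TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0)):
    """Walk down `order` on handshake failure. Versions below `floor` are
    never offered, and a ServerHello naming a version below `floor` is
    refused even when it arrives in reply to a permitted offer.
    Returns (negotiated_version_or_None, log_of_attempts)."""
    log = []
    for offered in order:
        if offered < floor:
            log.append((NAMES[offered], "not offered: below floor"))
            continue
        record = server.handshake(offered)
        if record is None:
            log.append((NAMES[offered], "handshake failed"))
            continue
        negotiated = parse_server_hello_version(record)
        if negotiated is None or negotiated < floor:
            log.append((NAMES[offered], "refused server version"))
            return None, log
        log.append((NAMES[offered], "negotiated " + NAMES[negotiated]))
        return negotiated, log
    return None, log


if __name__ == "__main__":
    cases = [("TLS 1.0-only, version-intolerant", SimulatedServer({TLS_1_0})),
             ("SSL 3.0-only, version-intolerant", SimulatedServer({SSL_3_0})),
             ("answers any offer with SSL 3.0", SimulatedServer({SSL_3_0}, intolerant=False))]
    for label, srv in cases:
        result, log = connect_with_fallback(srv)
        print(label, "->", NAMES.get(result, "connection refused"))
        for step in log:
            print("   ", *step)
```

With the default floor the TLS 1.0-only server is reached on the third attempt, which is the interoperability case Yaron's survey number is about, while the SSL 3.0-only server is never connected to at all. Raising `floor` to `TLS_1_2` turns the same function into the stricter policy the draft is moving implementations toward.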
