On Thursday 23 July 2015 14:21:15 Dave Garrett wrote:
> On Thursday, July 23, 2015 01:10:30 pm Eric Rescorla wrote:
> > On Thu, Jul 23, 2015 at 7:06 PM, Stephen Farrell
> > >
> > wrote:
> > > A suggestion - could we remove mention of anything that
> > > is not a MUST or SHOULD ciphersuite from the
On Thursday 16 July 2015 18:09:38 Ilari Liusvaara wrote:
> > > > 6.3.1.2. (Server Hello)
> > >
> > > Well, at least it wouldn't be backward compatiblity hazard to remove
> > > session_id_len, since it comes after server version.
> >
> > I'm sold.
>
> However, that would change ServerHello parsin
On Friday, July 24, 2015 01:50:31 am Andrei Popov wrote:
> > I'm proposing renaming "insufficient_security" to
> > "unsupported_cipher_suites", which is explicitly what it's been for since
> > TLS 1.0.
>
> Not quite. Insufficient_security alert is defined as follows:
> " Returned instead of hand
On Friday, July 24, 2015 06:43:17 am Hubert Kario wrote:
> And I completely agree. FREAK and Logjam wouldn't happen at all if we didn't
> drag with us stuff that was considered legacy 10 years ago.
>
> But stuff like "server MUST abort handshake if it sees export grade ciphers
> in
> Client Hel
On Friday 24 July 2015 12:57:42 Dave Garrett wrote:
> On Friday, July 24, 2015 06:43:17 am Hubert Kario wrote:
> > And I completely agree. FREAK and Logjam wouldn't happen at all if we
> > didn't drag with us stuff that was considered legacy 10 years ago.
> >
> > But stuff like "server MUST abort
On Friday, July 24, 2015 01:18:41 pm Hubert Kario wrote:
> On Friday 24 July 2015 12:57:42 Dave Garrett wrote:
> > To be clear, the wording I have in the PR is not this broad. It only
> > requires aborting if export ciphers were offered by a TLS 1.3+ client, not
> > just any client.
>
> and how a
> On Friday, July 24, 2015 01:18:41 pm Hubert Kario wrote:
>> On Friday 24 July 2015 12:57:42 Dave Garrett wrote:
>>> To be clear, the wording I have in the PR is not this broad. It only
>>> requires aborting if export ciphers were offered by a TLS 1.3+ client, not
>>> just any client.
>>
>> and ho
Yes, this sounds good to me too.
Cheers,
Andrei
-Original Message-
From: Dave Garrett [mailto:davemgarr...@gmail.com]
Sent: Friday, July 24, 2015 6:16 PM
To: Andrei Popov
Cc: Eric Rescorla; tls@ietf.org
Subject: Re: [TLS] new error alerts?
On Friday, July 24, 2015 01:50:31 am Andrei Po
* Andrei Popov [25/07/2015 01:26:41] wrote:
> Yes, this sounds good to me too.
>
+1.
Aaron
signature.asc
Description: Digital signature
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
On Thu, Jul 23, 2015 at 07:10:30PM +0200, Eric Rescorla wrote:
> On Thu, Jul 23, 2015 at 7:06 PM, Stephen Farrell
> wrote:
>
> > A suggestion - could we remove mention of anything that
> > is not a MUST or SHOULD ciphersuite from the TLS1.3 document
> > and then have someone write a separate draf
On Fri, Jul 24, 2015 at 02:03:13PM -0400, Dave Garrett wrote:
> > and how a server can tell that the client is TLS1.3 only and not
> > TLS1.0-up-to-
> > TLS1.3?
>
> TLS 1.0-1.3 shouldn't be offering export ciphers any more than TLS 1.3
> only. A TLS 1.0-1.2 client, or at least one offering that,
> What we've cannot yet turn off is RC4.
Then do not use TLS 1.3
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
12 matches
Mail list logo
