Re: [TLS] Open issue: Record Version Numbers
On Wed, Oct 25, 2006 at 04:26:15PM +0300, Pasi.Eronen@xxxxxxxxx wrote:
> Thanks for your comments. I agree about the first change;
> the second change I would reword slightly...
>> TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and
>> use compatible ClientHello messages; thus, supporting all of them
>> is relatively easy. Similarly, servers can easily handle clients
>> trying to use future versions of TLS as long as the clients still
>> support the highest protocol version available in the server.
> This assumes the ClientHello format remains the same;
This is true, but intentional. If the ClientHello format is ever
changed in an incompatible way such that existing servers cannot
handle it, then a client using this new format cannot support the
highest protocol version available in such servers. (Unless they use
some kind of future backwards-compatible ClientHello, in which case
servers *can* easily handle such clients, after all.) Well, and if a
client cannot support the highest protocol version available in the
server, then the above "as long as"-clause does not pretend to apply.
But I guess it still can't hurt to mention the format compatibility
requirement, and use your proposed wording:
> perhaps this
> is worth mentioning explicitly:
>
> TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and
> use compatible ClientHello messages; thus, supporting all of them
> is relatively easy. Similarly, servers can easily handle clients
> trying to use future versions of TLS as long as the ClientHello
> format remains compatible, and the client supports the highest
> protocol version available in the server.
Bodo
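
The negotiation rule discussed in this message, as an added example that is not part of the original thread or of any TLS implementation: a server reads client_version from a ClientHello in the compatible format and answers with the highest version it supports that does not exceed it, so a client offering a future version still gets the server's highest version. The server version list, the function names and the sample ClientHello bytes are constructed for illustration, and ignoring the record-layer version when choosing is this example's assumption.

```python
import struct

# Versions a hypothetical server implements: SSL 3.0, TLS 1.0, 1.1, 1.2.
SERVER_VERSIONS = [(3, 0), (3, 1), (3, 2), (3, 3)]

class HelloError(ValueError):
    """The bytes are not a ClientHello in the compatible format."""

def build_client_hello(client_version, record_version=(3, 1)):
    """Constructed sample: minimal ClientHello offering one cipher suite."""
    body = (bytes(client_version) + bytes(32)   # client_version, random
            + b"\x00"                           # empty session_id
            + b"\x00\x02\x00\x2f"               # one cipher suite
            + b"\x01\x00")                      # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return bytes([22, *record_version]) + len(hs).to_bytes(2, "big") + hs

def parse_versions(record):
    """Return (record_version, client_version) from a ClientHello record."""
    if len(record) < 5:
        raise HelloError("short record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4 + 2 + 32:
        raise HelloError("not a complete handshake record")
    if body[0] != 1 or int.from_bytes(body[1:4], "big") > rlen - 4:
        raise HelloError("not a ClientHello")
    return (rmaj, rmin), (body[4], body[5])

def negotiate(record):
    """Pick the highest server version that does not exceed client_version."""
    _record_version, client_version = parse_versions(record)
    usable = [v for v in SERVER_VERSIONS if v <= client_version]
    if not usable:
        raise HelloError("client_version is below every server version")
    return max(usable)

if __name__ == "__main__":
    for offered in [(3, 1), (3, 3), (3, 4)]:
        print(offered, "->", negotiate(build_client_hello(offered)))
```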