Re: [TLS] Comments on TLS identity protection

[EKR <ekr@xxxxxxxxxxxxxxxxxxxx>]

<home_pw@xxxxxxx> wrote:
> TLS does indeed forbid the _negotiation_ of this defined
> ciphersuite. (This is
> why I phrased my claim in terms of SSLv3, which allows it.

Another way of looking at this is that it's a bug in the
SSLv3 spec that was fixed in TLS. Are you aware of any
implementation that in fact allows you to negotiate this
cipher suite?

> In SSLv3 one can choose to changeCipherSuite to a null encryption and
> null mac state, and merely use the fragmentation, sequencing and reassembly
> functions of the SSL protocol machine.

The what? SSL offers no capabilities here that are not offered
by the reliable transport it must ride on top of.

> (Nothing in SSLv3 states how the
> seq_num is calculated , note. It can be simple or fancy (provided it starts
> at zero, when the connection state is initialized or assigned).)

I don't have the v3 spec in front of me, but if that's true, it's
a bug in the spec, IMO.

-Ekr

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls