________________________________
> Date: Sun, 18 Jan 2015 21:12:01 +0100
> From: bmoeller@xxxxxxx
> To: ietf@xxxxxxxx
> CC: tls@xxxxxxxx
> Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt>
> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing
> Protocol Downgrade Attacks) to Proposed Standard
>
> Jeffrey Walton <noloader@xxxxxxxxx>:
> Bodo Moeller <bmoeller@xxxxxxx> wrote:
>
>> Also, quite clearly, we can't yet know how the TLS 1.3 (1.4, 1.5, ...)
>> rollout will work out.
>
> The WG should be solving problems that do exist; and not manufactured
> problems or theoretical future problems that don't exist.
>
> I can't entirely agree with the second part of this statement: presumably
> everyone in the TLS WG is well aware of past design decisions that
> didn't take into account problems that didn't exist then but should
> have been foreseeable. (Related: I really shouldn't have had to
> write https://www.openssl.org/~bodo/ssl-poodle.pdf to kill off the
> fallback to SSL 3.0 in practice ... the "insecure fallback" to earlier
> protocol versions, including SSL 3.0, was a known "theoretical
> problem", and deserving of being addressed independently of concrete
> attacks).

POODLE being in the news probably helped push admins to fix these servers, though it wasn't initially made clear that TLS extension intolerance can also cause SSLv3 fallback.