Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
Bodo Moeller <bmoeller@acm.org> Fri, 16 January 2015 21:04 UTC
Return-Path: <SRS0=Nj8K=CD=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 577A01B2C20; Fri, 16 Jan 2015 13:04:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.362
X-Spam-Level: *
X-Spam-Status: No, score=1.362 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MANGLED_BACK=2.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 337wqNtOHYk4; Fri, 16 Jan 2015 13:04:19 -0800 (PST)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42DA51B2C18; Fri, 16 Jan 2015 13:04:19 -0800 (PST)
Received: from mail-la0-f43.google.com ([209.85.215.43]) by mrelayeu.kundenserver.de (mreue102) with ESMTPSA (Nemesis) id 0MeSdD-1YOVJu0aaN-00QDwN; Fri, 16 Jan 2015 22:04:17 +0100
Received: by mail-la0-f43.google.com with SMTP id q1so5598017lam.2; Fri, 16 Jan 2015 13:04:16 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.112.172.194 with SMTP id be2mr17950161lbc.53.1421442256351; Fri, 16 Jan 2015 13:04:16 -0800 (PST)
Received: by 10.25.25.145 with HTTP; Fri, 16 Jan 2015 13:04:16 -0800 (PST)
In-Reply-To: <20150116210327.61046788@pc>
References: <20150109180539.22231.7270.idtracker@ietfa.amsl.com> <20150116210327.61046788@pc>
Date: Fri, 16 Jan 2015 22:04:16 +0100
Message-ID: <CADMpkcKkdhiEpJSUzsk-rEtCLhYgfMSzcFAwtVzYb96EK2hhZQ@mail.gmail.com>
Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
From: Bodo Moeller <bmoeller@acm.org>
To: ietf@ietf.org
Content-Type: multipart/alternative; boundary="001a11c34730c2380e050ccb5030"
X-Provags-ID: V03:K0:L5EDn+tCGoFmFPTR9uRdrQ+oU3M2US2rmdDINJJySqB4iGH1e1s M+dReZ93ybqNKtU76Dkor29zz4M43O9raf7wuOGRrt+ByofzTlqEnGYT6g5vkQapJWCybrv fvDMOPJQq804jrn6HDG7y77xxLkDklKomfthBI/aXG3nGlsK0lsPRgZewPnG9Dv89YtdSk4 EyBuvBWz+55dWpleu9Jiw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/kWpqnB4lSriRxDCQPcGCcwA5OyQ>
X-Mailman-Approved-At: Tue, 20 Jan 2015 07:53:16 -0800
Cc: Hanno Böck <hanno@hboeck.de>, "tls@ietf.org" <tls@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2015 21:05:45 -0000
Hanno Böck <hanno@hboeck.de>: I think this adds further evidence that adding another workaround layer > (SCSV) is the wrong thing to do. Instead browsers should just stop > doing weird things with protocols that compromise security and drop > the protocol dance completely. > They shouldn't have to do the downgrade dance (and indeed draft-ietf-tls-downgrade-scsv-03 does say so), and certainly I'll be very glad if it turns out that now they really won't have to, but I wouldn't hold my breath. Ideally, the server-side TLS_FALLBACK_SCSV logic will be present as dormant code that never gets executed (because clients just don't do those fallbacks), but which is available if and when needed again. I hope that the Firefox change will make it into the release channel and survive there, but note that it doesn't actually remove the downgrade dance entirely. Rather, there's now a setting that controls whether the downgrade dance is enabled (https://bugzilla.mozilla.org/show_bug.cgi?id=1083058), and the plan merely is to disable this by default ( https://bugzilla.mozilla.org/show_bug.cgi?id=1084025). Also, you may be able to enable the kludge on a per-domain basis ( https://bugzilla.mozilla.org/show_bug.cgi?id=1114816). There's still a lot that can happen here. If the change works well enough for the Firefox release channel (and for all other browsers), I still expect that a bunch of users will need to enable the downgrade dance to get HTTPS connections to legacy devices on their local networks to work. Then it would be discomforting to not have TLS_FALLBACK_SCSV support in servers. Also, quite clearly, we can't yet know how the TLS 1.3 (1.4, 1.5, ...) rollout will work out. Bodo
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- RE: Last Call: <draft-ietf-tls-downgrade-scsv-03.… Salz, Rich
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Brian Smith
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yoav Nir
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Eric Rescorla
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Adam Langley
- RE: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Andrei Popov
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Colm MacCárthaigh
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Hanno Böck
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Jeffrey Walton
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Watson Ladd
- RE: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yuhong Bao
- RE: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yuhong Bao
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Henrik Grubbström
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Hubert Kario
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael D'Errico
- Re: Last Call: <draft-ietf-tls-downgrade-scsv-03.… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller