Re: [TLS] An SCSV to stop TLS fallback.

Trevor Perrin <trevp@trevp.net> Tue, 26 November 2013 02:33 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D45C1AE122 for <tls@ietfa.amsl.com>; Mon, 25 Nov 2013 18:33:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChHmF133uYxK for <tls@ietfa.amsl.com>; Mon, 25 Nov 2013 18:33:08 -0800 (PST)
Received: from mail-wi0-f179.google.com (mail-wi0-f179.google.com [209.85.212.179]) by ietfa.amsl.com (Postfix) with ESMTP id 00BE11AE0BE for <tls@ietf.org>; Mon, 25 Nov 2013 18:33:07 -0800 (PST)
Received: by mail-wi0-f179.google.com with SMTP id ez12so6412008wid.12 for <tls@ietf.org>; Mon, 25 Nov 2013 18:33:07 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=cdt0C3BwB+ILktows7HK0Xsuvg0nguuLYZ9ZyzDwRc8=; b=G/Ign7sSUZ/EDDwWtRxZO30kxGG1yvulhzJx2Xhl/o6jAG6MlvGmz/BKmGeOUdsVph 3nVHlYefYNja8v/yW5AsDF+hG7dU4x0zMBqj2IcRItIKMAJzWgOd6x/U+t4kWKbZdgVE kniJiFL3coN8XSaLk8eCYhQH5dtnhs7NzEsnHgzQKl8/WQdj9+8n8VNKwN0AeqhoQt4l s8+VUNf15CFm4ZzZaT4pcmAW2guvcRAc0iOlJoRTu+Im8AFmRWqb3HMFV6vlfk1aZLgS w6u8lZAOAhse2nGkmRKSjWWXThd4N5WK5dHr7LmfLBroPDz0/4sWarkbEUpugQEcapKo 41UA==
X-Gm-Message-State: ALoCoQnEbMXvvTv/pi8632Hl1sXrn8UIa9Ce1L7utli4ShRpIHuXLwWzH3iSxDqMKMWgUD3ncv81
MIME-Version: 1.0
X-Received: by 10.180.20.102 with SMTP id m6mr16123891wie.22.1385433187399; Mon, 25 Nov 2013 18:33:07 -0800 (PST)
Received: by 10.216.214.134 with HTTP; Mon, 25 Nov 2013 18:33:07 -0800 (PST)
X-Originating-IP: [12.27.66.5]
In-Reply-To: <CAL9PXLzWPY5o2SeV=kUPWxznkw+3cmpbMpYifCebfqd48VW9UA@mail.gmail.com>
References: <CAL9PXLzWPY5o2SeV=kUPWxznkw+3cmpbMpYifCebfqd48VW9UA@mail.gmail.com>
Date: Mon, 25 Nov 2013 18:33:07 -0800
Message-ID: <CAGZ8ZG2oBwx_Hb3mM59jWx9rZm4zcm4Sv6AdypK4WdciUtG8Bg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Adam Langley <agl@google.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] An SCSV to stop TLS fallback.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 02:33:09 -0000

On Mon, Nov 25, 2013 at 3:27 PM, Adam Langley <agl@google.com> wrote:
[...]
> Chrome 31 has been released and saw a fair amount of breakage due to
> an anti-virus that (in some configurations) acts as a local MITM and
> had bugs. Previously it was depending on browsers falling back to
> SSLv3 in order to function at all.
>
> I've since contacted a few other anti-virus and MITM vendors and asked
> them about the Chrome 32 change. A couple have informed me that they
> will break, at least in some configurations, if Chrome removes all
> fallback because they cannot do version negotiation correctly.

Hi Adam,

Are these MITM products using special root certs installed in the
browser for MITM purposes?  If so, could the browser simply allow
SSLv3 fallback only when connecting to a cert under such an installed
root, while otherwise rejecting such a fallback?


Trevor