IETF Logo Mail Archive

Re: [TLS] Non-extension solutions (requirements)

Bodo Moeller <bmoeller@acm.org> Sun, 15 November 2009 21:48 UTC

Return-Path: <bmoeller@acm.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3DF903A6A0A for <tls@core3.amsl.com>; Sun, 15 Nov 2009 13:48:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.412
X-Spam-Level:
X-Spam-Status: No, score=-101.412 tagged_above=-999 required=5 tests=[AWL=0.837, BAYES_00=-2.599, HELO_EQ_DE=0.35, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qOCxyqbjwYOY for <tls@core3.amsl.com>; Sun, 15 Nov 2009 13:48:34 -0800 (PST)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by core3.amsl.com (Postfix) with ESMTP id B90893A67F4 for <tls@ietf.org>; Sun, 15 Nov 2009 13:48:33 -0800 (PST)
Received: from [10.1.64.105] (216-239-44-65.google.com [216.239.44.65]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0MGmAP-1NND5S0Lmz-00DLQm; Sun, 15 Nov 2009 22:48:32 +0100
From: Bodo Moeller <bmoeller@acm.org>
To: Nelson B Bolyard <nelson@bolyard.me>
In-Reply-To: <4B006D46.6070107@bolyard.me>
References: <4AFF79A4.6020706@extendedsubset.com> <20091115111834.334A869F79B@kilo.networkresonance.com> <4B006D46.6070107@bolyard.me>
Message-Id: <FCF8F926-85D2-4E45-871E-103F23A1B060@acm.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Sun, 15 Nov 2009 13:48:28 -0800
X-Mailer: Apple Mail (2.936)
X-Provags-ID: V01U2FsdGVkX1+ZBhIyyiVpiVEIrscjIMwby9Wi/o9O0fFaWr1 2Sct+US9fv+m73gEfP5IBtuYkmg3JuRjH1CwcpSPV15uCOnQDx E+ImNrdYJf7NhEgaiDbzQ==
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Non-extension solutions (requirements)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2009 21:48:35 -0000

On Nov 15, 2009, at 1:06 PM, Nelson B Bolyard wrote:
> On 2009-11-15 03:18 PDT, Eric Rescorla wrote:

>>   Thus, the minimal change is not to change initial negotiations at
>>   all but simply to change renegotiations. This is quite possible
>>   with RI simply by not sending it on the initial negotiation. Of
>>   course, sending it on renegotiation will cause interoperation
>>   failure with vulnerable servers, but that's the desired outcome.

> Are there clients who really want to remain vulnerable?

Um, strawman?

The minimal change is helpful for clients that want to remain  
interoperable with servers that haven't been updated yet, because

- some servers wouldn't really have to be updated because they don't  
support renegotiation in the first place;

- atomically updating all clients and servers isn't possible;

- the attack is irrelevant for opportunistic-encryption scenarios --

if these clients *accept*, as trade-off, that they'd also continue to  
be able to engage in insecure connections (when connecting to insecure  
servers).  This doesn't mean that they *want* to be vulnerable.  It  
doesn't even imply that they necessarily *are* vulnerable (this  
depends on what the higher protocol layers are actually doing with the  
TLS connections, and what servers they open connections to).

Bodo

v2.23.0 | Report a Bug | By Email