Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
Yoav Nir <synp71@live.com> Sun, 26 January 2014 14:12 UTC
Return-Path: <synp71@live.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACE061A012B for <tls@ietfa.amsl.com>; Sun, 26 Jan 2014 06:12:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptPd0G6hIwSY for <tls@ietfa.amsl.com>; Sun, 26 Jan 2014 06:12:26 -0800 (PST)
Received: from blu0-omc3-s15.blu0.hotmail.com (blu0-omc3-s15.blu0.hotmail.com [65.55.116.90]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC2A1A011A for <tls@ietf.org>; Sun, 26 Jan 2014 06:12:26 -0800 (PST)
Received: from BLU0-SMTP173 ([65.55.116.73]) by blu0-omc3-s15.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Sun, 26 Jan 2014 06:12:24 -0800
X-TMN: [3We93v/C59r9FX+acXhM6HtYs77hmji1]
X-Originating-Email: [synp71@live.com]
Message-ID: <BLU0-SMTP1738DF906BCBD666044DA2AB1A30@phx.gbl>
Received: from ynir-MBA.local ([194.29.32.131]) by BLU0-SMTP173.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Sun, 26 Jan 2014 06:12:22 -0800
Date: Sun, 26 Jan 2014 16:12:10 +0200
From: Yoav Nir <synp71@live.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
References: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
In-Reply-To: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms050300070506050004010809"
X-OriginalArrivalTime: 26 Jan 2014 14:12:22.0246 (UTC) FILETIME=[A16DF060:01CF1AA0]
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jan 2014 14:12:27 -0000
On 23/1/14 12:06 PM, Eric Rescorla wrote: > WG Members, > > This message is a call for acceptance of > http://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 > > As a TLS WG item. > > Please provide any comments on this action by Feb 7. Because > there has been only modest discussion of this document, the > chairs ask people who have already spoken in favor or against > this document to re-register their opinion (feel free to just say > +1 or -1 and point back to the archives.) +0.5 I'm not opposed to this document, but we should be realistic as to what this solution can accomplish. This extension (I use this term in the sense of protocol extension, not TLS ClientHello Extension) will not protect the client or the server from a TLS proxy. TLS proxies that do not support high versions of TLS will negotiate both the client and the server down to TLS 1.0, and will not forward the SCSV. Also, older servers will not recognize the SCSV and ignore it. So to have this extension add any value, all of the following much be true: - an updated server - an updated client - Something that causes the negotiation to fail. This something could be the client, the server, or something in between. The goal of this extension is to catch the something in the middle. So presumably, the server blocks the connection, or returns a poorly-protected error page whenever it gets the SCSV. But this could be caused by a MitM that drops negotiations that have a too-high TLS version, or by client bugs or by server bugs. Broadly speaking, I think there are four failure scenarios: 1. either the (updated) client or the (updated) server have bugs that caused the TLS 1.2 handshake to fail. 2. The (updated) client has a bug causing it to send the SCSV even though no downgrade happened 3. An attacker is on-path and is dropping TLS 1.2 because it can break TLS 1.2. 4. An older firewall is dropping the TLS 1.2 connections, because they fail some sanity check. (that all TLS records have 3.0 or 3.1 in the record header) So the extension makes sense if #3 is the likely scenario for failure. Any failure for the other reasons is kind of "collateral damage" that I don't think is justified in a world where TLS 1.0 is not considered so terrible as to disable it entirely. So I guess we need to hear some real-world experience about where most such failures would come from. Of course, we don't have any data *now* about buggy updated servers, so we'd have to guess how many and what kind of bugs are going to be present in not-yet-written code. Yoav
- [TLS] Call for acceptance of draft-moeller-tls-do… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Thomson
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Salz, Rich
- Re: [TLS] Call for acceptance of draft-moeller-tl… Geoffrey Keating
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bill Frantz
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettesen
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… t.petch
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Joseph Salowey (jsalowey)
- Re: [TLS] Call for acceptance of draft-moeller-tl… Russ Housley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Marsh Ray
- Re: [TLS] Call for acceptance of draft-moeller-tl… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Möller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettersen