[TLS] Comments on draft-rescorla-tls-renegotiation-01.txt

Kyle Hamilton <aerowolf@gmail.com> Tue, 24 November 2009 23:23 UTC

I hadn't actually read this before I wrote my last message.  It
includes both of the aspects that I stated were necessary (a TLS
extension and a magic cipher identifier), and I support it.

4.3.1:
   Clients which choose to fall back to an extensionless mode of
   operation MUST include the magic cipher suite [TBD] in any such
   handshake.  Servers MUST reject any ClientHello which uses this
   cipher suite but does not include RI with a fatal "handshake_failure"
   alert.  Because servers ordinarily ignore unknown cipher suites, this
   cipher suite can be added safely on any handshake, thus allowing
   detection and prevention of the MITM attack described above.

This is absolutely essential.  TLS extensions exist, but SSL 3 is
still commonly used.  There's no reason why SSL 3 shouldn't benefit
from anything that happens after-the-fact, even though it was never an
actual IETF protocol.

The only issue I see is... we've got an issue in signalling back to
the client that it knows how to do the updated handshake.  Would a
slightly modified HelloRequest do it?

-Kyle H
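
The server-side rule in the quoted 4.3.1 text, as an added example that is not part of the original message or the draft. The codepoints `MAGIC_SUITE` and `RI_EXT_TYPE` are placeholders (the draft leaves the suite as [TBD]), and all function names are hypothetical.

```python
# Placeholders (assumptions): the draft leaves the magic cipher suite as [TBD]
# and this page gives no RI extension type, so both values are constructed.
MAGIC_SUITE = 0xEE01
RI_EXT_TYPE = 0xEE02
HANDSHAKE_FAILURE = 40        # TLS alert description "handshake_failure"

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector at pos; return (data, next_pos)."""
    start = pos + len_bytes
    end = start + int.from_bytes(buf[pos:start], "big")
    if start > len(buf) or end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[start:end], end


def parse_client_hello(body):
    """Return (cipher_suites, extension_types) from a ClientHello body."""
    _, pos = _vec(body, 2 + 32, 1)            # skip version, random, session_id
    raw, pos = _vec(body, pos, 2)             # cipher_suites
    if len(raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = {int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)}
    _, pos = _vec(body, pos, 1)               # compression_methods
    ext_types = set()
    if pos < len(body):                       # extensions are optional (absent in SSL 3)
        exts, _ = _vec(body, pos, 2)
        i = 0
        while i < len(exts):
            ext_types.add(int.from_bytes(exts[i:i + 2], "big"))
            _, i = _vec(exts, i + 2, 2)       # skip extension_data
    return suites, ext_types


def check_4_3_1(body):
    """Alert the quoted 4.3.1 rule requires for this ClientHello, or None."""
    suites, ext_types = parse_client_hello(body)
    if MAGIC_SUITE in suites and RI_EXT_TYPE not in ext_types:
        return HANDSHAKE_FAILURE              # sent as a fatal alert
    return None


def build_hello(suites, ext_types=None):
    """Constructed sample body: zero random, empty session_id, null compression."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    body = b"\x03\x00" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    if ext_types is not None:                 # extension_data left empty: only the type is checked
        ex = b"".join(t.to_bytes(2, "big") + b"\x00\x00" for t in ext_types)
        body += len(ex).to_bytes(2, "big") + ex
    return body
```

An extensionless hello carrying the magic suite is the fallback case the rule rejects; a hello without the magic suite passes this check untouched, which is why the suite can be added without breaking servers that ignore unknown suites.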