Re: [TLS] TLSrenego - current summary of semantics and possibilities

Marsh Ray <marsh@extendedsubset.com> Tue, 10 November 2009 21:17 UTC

Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C6D013A6964 for <tls@core3.amsl.com>; Tue, 10 Nov 2009 13:17:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.483
X-Spam-Level:
X-Spam-Status: No, score=-2.483 tagged_above=-999 required=5 tests=[AWL=0.116, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id deOCRXOrRsYs for <tls@core3.amsl.com>; Tue, 10 Nov 2009 13:17:08 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id E7F2F3A68C7 for <tls@ietf.org>; Tue, 10 Nov 2009 13:17:07 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1N7y5m-000JDa-VK; Tue, 10 Nov 2009 21:17:35 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 0E8F26678; Tue, 10 Nov 2009 21:17:32 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1+egRfDh4cdgSWTu0mI21Oob7S7dT642S8=
Message-ID: <4AF9D868.1030206@extendedsubset.com>
Date: Tue, 10 Nov 2009 15:17:28 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@sun.com>
References: <200911101928.nAAJSGjI020038@fs4113.wdf.sap.corp> <C71F1D17.251AC%dispensa@phonefactor.com> <20091110203245.GB1105@Sun.COM>
In-Reply-To: <20091110203245.GB1105@Sun.COM>
X-Enigmail-Version: 0.96.0
OpenPGP: id=1E36DBF2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] TLSrenego - current summary of semantics and possibilities
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 21:17:08 -0000

Nicolas Williams wrote:
> On Tue, Nov 10, 2009 at 01:37:27PM -0600, Steve Dispensa wrote:
>> This was discussed a bit at the Sept. 29 meeting. I had originally suggested
>> that the extension need not be present during initial negotiations at all,
>> but it was pointed out that network management systems might want to
>> inventory patched clients and servers.
> 
> I guess we'll see whether the need to interop with broken servers (which
> are probably broken forever, and therefore vulnerable forever) is
> important enough that implementors will have to include a knob for
> whether to send this extension on initial negotiations.  I consider the
> fact that it will break such broken servers a feature, but one must be
> realistic also.

It's one thing to say, realistically, some client applications may elect
to put their users at risk for the sake of continuing to work with
defective servers.

It's something else entirely to propose that an IETF spec's official
language and recommended practice for implementors should be weakened in
consideration for these noncompliant systems.

Perhaps those responsible for such systems will take this opportunity to
update them?

Yair Elharrar wrote:
> This could backfire. It would allow hackers to detect unpatched
> clients, and focus their attacks on them.

There are plenty of ways for to attackers to fingerprint clients (looked
at a user-agent string lately?) and it doesn't make sense to make life
difficult for those who have a legitimate need for the data.

Again, where there are trade-offs affecting security and
interoperability, let us favor the side of implementations that will
follow the specs and recommendations over those which do not.

- Marsh