IETF Logo Mail Archive

Re: [TLS] Non-browser clients.

Nelson B Bolyard <nelson@bolyard.me> Sun, 22 November 2009 21:42 UTC

Return-Path: <nelson@bolyard.me>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9F7343A6920 for <tls@core3.amsl.com>; Sun, 22 Nov 2009 13:42:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.31
X-Spam-Level:
X-Spam-Status: No, score=-2.31 tagged_above=-999 required=5 tests=[AWL=0.289, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ic+vjKuLHQRY for <tls@core3.amsl.com>; Sun, 22 Nov 2009 13:42:22 -0800 (PST)
Received: from p3plsmtpa01-06.prod.phx3.secureserver.net (p3plsmtpa01-06.prod.phx3.secureserver.net [72.167.82.86]) by core3.amsl.com (Postfix) with SMTP id 8FDF63A67DD for <tls@ietf.org>; Sun, 22 Nov 2009 13:42:22 -0800 (PST)
Received: (qmail 23069 invoked from network); 22 Nov 2009 21:42:13 -0000
Received: from unknown (24.5.142.42) by p3plsmtpa01-06.prod.phx3.secureserver.net (72.167.82.86) with ESMTP; 22 Nov 2009 21:42:13 -0000
Message-ID: <4B09AFC0.3030009@bolyard.me>
Date: Sun, 22 Nov 2009 13:40:16 -0800
From: Nelson B Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
References: <C72AB6FD.670D%stefan@aaa-sec.com> <4B04F92A.8050903@extendedsubset.com> <4B053CF5.7000105@drh-consultancy.demon.co.uk> <4B059658.2010200@extendedsubset.com> <4B07EA2B.5040809@drh-consultancy.demon.co.uk> <4B08CCA3.3050104@bolyard.me> <4B09339D.7080108@drh-consultancy.demon.co.uk>
In-Reply-To: <4B09339D.7080108@drh-consultancy.demon.co.uk>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Non-browser clients.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2009 21:42:23 -0000

On 2009-11-22 04:50 PST, Dr Stephen Henson wrote:
> Nelson B Bolyard wrote:
>> On 2009-11-21 05:24 PST, Dr Stephen Henson wrote:
>> 
>>> Just to add a point to this which hasn't really been mentioned.
>>> 
>>> The discussion of connection logic has largely been browser centric, 
>>> non-browser clients often work in a different way and the current 
>>> proposal (draft-ietf-tls-renegotiation-01.txt) can cause them
>>> significant problems.
>> 
>> Where is this draft?  It's not on rfc-editor.org nor on ietf.org. Are
>> you referring to draft-RESCORLA-tls-renegotiation-01.txt?
>> 
> 
> Yes I meant the 01 version at: 
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

That draft has been superseded.  There has been a succession of 3 drafts:

draft-RESCORLA-tls-renegotiation-00.txt
draft-RESCORLA-tls-renegotiation-01.txt
    draft-IETF-tls-renegotiation-00.txt

each of which superseded the previous.

> Fallbacks aren't explicitly mentioned in the 00 draft. The whole issue of
> how one can support secure renegotiation (if the server supports it) but
> still connect to an unpatched SSLv3 or unpatched extension intolerant TLS
> server isn't covered.

Isn't it outside of scope?

The draft named IETF (which I support with some minor clarifications) seems
to address this quite directly.  It says that secure renegotiation cannot
be done with SSLv3.  It talks about clients who want to take the risk may
do it anyway.  But clearly, doing so is outside of the scope and intent of
this draft, which intent is to do things securely.

> The 01 draft resolves this issue but requires fallbacks.
> 
> It has been mentioned elsewhere that the obvious fallback techniques
> using the 00 draft are vulnerable to downgrade attacks. If anyone has a
> reference to a fallback technique that isn't vulnerable and complies to
> the 00 draft I'd be interested to hear it.

I believe that it is the intent of EKR's succession of drafts to NOT attempt
to create an invulnerable form of SSLv3.  Others in this list want to try to
do that with alternative proposals.

> Steve.

v2.23.0 | Report a Bug | By Email