Re: [TLS] Cipher suite values to indicate TLS capability
Adam Langley <agl@google.com> Tue, 05 June 2012 23:35 UTC
Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C92E11E8086 for <tls@ietfa.amsl.com>; Tue, 5 Jun 2012 16:35:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4mjDgoomfeL for <tls@ietfa.amsl.com>; Tue, 5 Jun 2012 16:35:37 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id A0D3921F86F9 for <tls@ietf.org>; Tue, 5 Jun 2012 16:35:37 -0700 (PDT)
Received: by yenq13 with SMTP id q13so5001999yen.31 for <tls@ietf.org>; Tue, 05 Jun 2012 16:35:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding:x-system-of-record; bh=5gpANkNupz5i2Rd+/SU1CJQEUf6s7f3C1//DHctwcMI=; b=PwamFLA3PxmeNnPDSRlipypKLuFrxQfL6fgvnzrGCAJVMMX5p/5iaz58rgrPINwJhP YDK0GpCQnuH8dyZ98UwFooEyPIRwSndRDeizS//PQt15G2e0HqRGDn5mHBLfAhVXS/BP vxkPtlcb2wCgTstGUw0wMwKJAxprq510XoYuFxD96xeVucgoFKQjl9ZFEGy25IxcIrux nl09h70eKI/3kv/4LSMVeKrJuBeLOJULZeoEkd/d+XMdztW3smIMJfEXDtnSfKTULfKL 3vfVB0gpcIJpoBx4jjSXuC06IXAEnsK360shwrKuyrpRHuUZgtPaNr+jF8RTrwfLdMhl /hgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding:x-system-of-record :x-gm-message-state; bh=5gpANkNupz5i2Rd+/SU1CJQEUf6s7f3C1//DHctwcMI=; b=Gccv3xkjuaPMwdA5cOJ43HXuGaC93SxUMqIzqxQajZwPO83mJYQgquqfTTFNoUTl9v ccLmewKAUMtOvt57En/QAXRoH6aAE8ljuOhX982tDy3rNSwmJ6w1cyqcuwpVY5rZWQ6k IfvrsMEPO+t12WeiSmgIZnbeBGMOdO52SyreMohjQzuSv8K07i1vUxjT/njd4KEEbBL6 hSZjDd6TFHfxWhC4Lm0Rw0olBwMcdmI8mbgUGEUmNWdXZLKSFH0AkqT86QMqmF+RoVoO c2/Lgsb4gcnHCOQx+53Cu/UZ9S4KC/OJCf70hQtbwF418ntXSsZ+dpNRCRmX0YDvLZY3 CpHA==
Received: by 10.50.185.163 with SMTP id fd3mr4949122igc.22.1338939331568; Tue, 05 Jun 2012 16:35:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.50.185.163 with SMTP id fd3mr4949116igc.22.1338939331395; Tue, 05 Jun 2012 16:35:31 -0700 (PDT)
Received: by 10.231.5.201 with HTTP; Tue, 5 Jun 2012 16:35:31 -0700 (PDT)
In-Reply-To: <m2sje9xsc0.fsf@localhost.localdomain>
References: <CAL9PXLwdQctUub5oPx0tepsfveDo0bNKGBUaUBBFeq4u4D0BbA@mail.gmail.com> <m2sje9xsc0.fsf@localhost.localdomain>
Date: Tue, 05 Jun 2012 19:35:31 -0400
Message-ID: <CAL9PXLy_Lr+-ehOKSddtooVBpgUzxCyLKhWghC7UtOAt3HH2Rw@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: Geoffrey Keating <geoffk@geoffk.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQlV0+GegE0M8UiL2aGz7ddZflRm6+e+GJthPrxhsj3xWorpfK0kmdxhMVL/4Yft1rE2H3iB2vhEomGu65bltIzPHZED6Qmp7qFlMsPBq3GHGE2Mm62XtkVP2AIBajdpo0OGsJdQ
Cc: tls@ietf.org
Subject: Re: [TLS] Cipher suite values to indicate TLS capability
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 23:35:38 -0000
On Tue, Jun 5, 2012 at 7:16 PM, Geoffrey Keating <geoffk@geoffk.org> wrote: > Could you simply send the ECDHE values anyway? If the remote end > accepts them, you can reasonably be sure you're under a downgrade > attack (but see below). We would need to send both the ECDHE ciphersuites and the extensions outlining the acceptable curves and point formats. Adding all that would reasonably cause SSLv3-only servers to reject the ClientHello. > One problem with this proposal is that in practice it isn't really > indicating 'TLS 1.0 capable'. A system might actually support TLS > 1.0, but not extensions, or it might have trouble parsing the > particular EC extensions you sent, or some other extension, or it > might not like the negotiated cipher suite, or the total number of > proposed cipher suites, or the compression algorithm. Or it could > have mysteriously failed (once) for reasons unconnected to the TLS > negotiation. Well, all of those save the last are failures to implement TLS correctly, so then it's not TLS capable :) (As for transient network errors: these happen but fallback isn't intended to work around them. Whatever reconnection logic we might have is orthogonal to this and would be common between HTTP and HTTPS connections. We don't actually do fallback from TLS to SSLv3 for TCP level errors in Chrome.) Obviously this is a sacrifice of elegance on the alter of practical need. What the SCSV effectively says is that the server implements TLS to a level that was common at the time that servers started to be patched with SCSV support. That isn't perfect, or even good, but it is still very useful. Cheers AGL
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- [TLS] Cipher suite values to indicate TLS capabil… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Chris Richardson
- Re: [TLS] Cipher suite values to indicate TLS cap… Wan-Teh Chang
- Re: [TLS] Cipher suite values to indicate TLS cap… Yoav Nir
- Re: [TLS] Cipher suite values to indicate TLS cap… Yoav Nir
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Chris Richardson
- Re: [TLS] Cipher suite values to indicate TLS cap… Tom Ritter
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Martin Rex