Re: [TLS] PR for anti-downgrade mechanism

Eric Rescorla <ekr@rtfm.com> Fri, 09 October 2015 13:43 UTC

In-Reply-To: <ADFC607B-D2B4-4BFB-A8FB-A10F1DC2B21C@akamai.com>
References: <CABcZeBOB9mnQ8bLOCSysnx9LMv0hxrPCA21jTnxAMb3Yom_Aow@mail.gmail.com> <B6621FBD-8C45-43CC-96BB-FD71F279E339@gmail.com> <ADFC607B-D2B4-4BFB-A8FB-A10F1DC2B21C@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 09 Oct 2015 15:42:24 +0200
Message-ID: <CABcZeBOAy5pHr_5MPiWC_BEg6KgqacjUtVEnb=465w=yd4saNg@mail.gmail.com>
To: "Short, Todd" <tshort@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2FoTxsXNdBGgCtCRywxfvaGH2pw>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] PR for anti-downgrade mechanism
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

On Fri, Oct 9, 2015 at 3:23 PM, Short, Todd <tshort@akamai.com> wrote:

> On Oct 9, 2015, at 8:48 AM, Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> wrote:
>
>> - There is a 1/(2^N) chance that valid connections to TLS 1.2 servers will be dropped by TLS 1.3 clients, because of this proposal. This only happens for servers that do not use the unix timestamp (the current timestamp is greater than 0304xxxx). Still, we need to carefully choose N so that this risk of connection dropping is acceptable.
>
> I’m thinking this chance can be reduced to 0.
> Wouldn’t a TLSv1.3 client be able to recognize that it’s connecting to a TLSv1.2 server, and not parse the first N bits of the server random?
>

The idea is to distinguish this case from the case where they are connecting to an attacker pretending to be a TLS 1.2 server.

-Ekr

> --
> -Todd Short
> // tshort@akamai.com
> // "One if by land, two if by sea, three if by the Internet."
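The exchange above, worked through as an added Python sketch (example code, not from the thread, the PR, or any TLS implementation). The thread only says the proposal puts a marker in the first N bits of ServerHello.random and that the marker, read as a gmt_unix_time, sits below any current clock value ("0304xxxx"); the two-byte marker 0x03 0x04, N = 16, the attacker model, and every function name below are assumptions made for the example. It shows the three cases ekr and Todd are contrasting (honest 1.3 server, honest 1.2 server, attacker rewriting a 1.3 server's ServerHello to 1.2), why the "skip the check when the server looks like 1.2" variant cannot detect the downgrade, Karthik's 2^-N false-positive rate for 1.2 servers that fill the whole random from the CSPRNG, and why a timestamp-prefixed 1.2 random never trips the check. Note that the mechanism that eventually shipped in RFC 8446 places its marker in the last eight bytes of the random rather than the first N bits discussed here.

```python
from __future__ import annotations

import os
import struct
import time

# Assumed marker: the thread gives only "first N bits" and "0304xxxx", so the
# TLS 1.3 version bytes are used as a two-byte placeholder (N = 16).
SENTINEL = b"\x03\x04"
N_BITS = len(SENTINEL) * 8  # the N in Karthik's 1/(2^N) estimate

TLS12 = 0x0303
TLS13 = 0x0304


def tls13_server_random() -> bytes:
    """Random from a TLS 1.3-capable server: marker followed by fresh bytes."""
    return SENTINEL + os.urandom(32 - len(SENTINEL))


def tls12_server_random(use_timestamp: bool = True) -> bytes:
    """Random from a genuine TLS 1.2 server: RFC 5246 gmt_unix_time (4 bytes,
    big-endian) + 28 random bytes, or all 32 bytes from the CSPRNG."""
    if use_timestamp:
        return struct.pack(">I", int(time.time())) + os.urandom(28)
    return os.urandom(32)


def has_marker(server_random: bytes) -> bool:
    return server_random[: len(SENTINEL)] == SENTINEL


def client_aborts(negotiated_version: int, server_random: bytes) -> bool:
    """The check as the thread describes it. A marker proves the random came
    from a 1.3-capable server, so marker + negotiated version below 1.3 means
    something between client and server lowered the version. The check is
    applied exactly when the server *appears* to be 1.2, since that is the
    situation an attacker manufactures."""
    if negotiated_version >= TLS13:
        return False
    return has_marker(server_random)


def client_aborts_skip_on_tls12(negotiated_version: int, server_random: bytes) -> bool:
    """Todd's variant, written out to show why it fails: never look at the
    random when the server looks like 1.2. The attacker's handshake is, by
    construction, one that looks like it came from a 1.2 server."""
    if negotiated_version < TLS13:
        return False
    return has_marker(server_random)


def mitm_downgrade(server_random: bytes) -> tuple[int, bytes]:
    """Constructed attacker: forward the real 1.3 server's random unchanged
    but rewrite the negotiated version to TLS 1.2."""
    return TLS12, server_random


def false_positive_probability() -> float:
    """Chance that a 32-byte CSPRNG random from a 1.2 server starts with the marker."""
    return 2.0 ** -N_BITS


def timestamp_random_can_carry_marker(now: int | None = None) -> bool:
    """Can a gmt_unix_time-prefixed 1.2 random start with the marker? Only if
    the clock reads 0x03040000..0x0304FFFF (mid-1971), which no current
    timestamp does; that is Karthik's "greater than 0304xxxx" remark."""
    now = int(time.time()) if now is None else now
    return struct.pack(">I", now)[: len(SENTINEL)] == SENTINEL


def demo() -> dict[str, bool]:
    """Run the cases the thread contrasts and return the client's verdicts."""
    return {
        "honest_tls13_aborted": client_aborts(TLS13, tls13_server_random()),   # False
        "honest_tls12_aborted": client_aborts(TLS12, tls12_server_random()),   # False
        "downgrade_detected": client_aborts(*mitm_downgrade(tls13_server_random())),  # True
        "downgrade_detected_if_skipped": client_aborts_skip_on_tls12(
            *mitm_downgrade(tls13_server_random())
        ),  # False: skipping the check on 1.2 is exactly what the attacker needs
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
    print(f"false-positive rate for CSPRNG-only TLS 1.2 servers: 2^-{N_BITS} "
          f"= {false_positive_probability():.2e}")
```

The only case that costs anything is a 1.2 server whose 32 random bytes happen to start with the marker; with N = 16 that is one connection in 65536, which is why the thread treats the choice of N as a tuning question rather than something the client can decide away by looking at the negotiated version.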