Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
"Yngve N. Pettesen" <yngve@spec-work.net> Mon, 27 January 2014 00:35 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B60EA1A00B1 for <tls@ietfa.amsl.com>; Sun, 26 Jan 2014 16:35:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s2K6tROSZBKi for <tls@ietfa.amsl.com>; Sun, 26 Jan 2014 16:35:39 -0800 (PST)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [194.63.252.54]) by ietfa.amsl.com (Postfix) with ESMTP id DA9901A00A7 for <tls@ietf.org>; Sun, 26 Jan 2014 16:35:38 -0800 (PST)
Received: from [31.209.139.223] (port=63910 helo=lessa.lan) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <yngve@spec-work.net>) id 1W7aAq-0002VH-9M for tls@ietf.org; Mon, 27 Jan 2014 01:35:36 +0100
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
References: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
To: tls@ietf.org
Date: Mon, 27 Jan 2014 01:35:34 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettesen" <yngve@spec-work.net>
Message-ID: <op.xabk33wdhf8200@lessa.lan>
In-Reply-To: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com>
User-Agent: Opera Mail/12.16 (Win32)
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2014 00:35:41 -0000
On Thu, 23 Jan 2014 11:06:04 +0100, Eric Rescorla <ekr@rtfm.com> wrote: > WG Members, > > This message is a call for acceptance of > http://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 > > As a TLS WG item. > > Please provide any comments on this action by Feb 7. Because > there has been only modest discussion of this document, the > chairs ask people who have already spoken in favor or against > this document to re-register their opinion (feel free to just say > +1 or -1 and point back to the archives.) -1 I dislike this approach for several reasons: 1) I dislike the recent tendency to use (throw) an SCSV for (at) any protocol problem showing up. At present these decisions seem to be too ad-hoc IMO. If this use of SCSVs is to continue (which I do not recommend) perhaps the WG should first define a policy for when to use them, and possibly also set aside a range of ciphersuite values for SCSVs and interpretation of unknown SCSVs? E.g. should some SCSVs be considered critical, and should a server that knows about SCSVs but which does not understand a critical SCSV abort the connection? 2) The use of this SCSV require both client and server to be updated to understand the SCSV. The deployment of such a fix is going to take a minimum of 5-10 years (The renego patch, fixing a major security vulnerability, have only recently passed 80%, more than 3 years after it was released). I would prefer a solution that only require one party, the client, to be updated. 3) Involving two parties in determining what to do about the fallback issue will complicate implementations, and also risk interoperability problems. There is one party that specifically knows that it has been falling back, and who can (and IMO should) be making the decisions: the client. The reason for the fallback (assuming no client bugs) may be normal network issues, server non-compliance, non-compliant intermediates, or an MITM attack. The only cases in which an SCSV might help, is in the case of non-compliant intermediates and MITM attacks, but that requires (as mentioned above) that the server supports the SCSV indication. If the server does not support the SCSV the client will have to assume that the server is just non-compliant and continue the connection using an older protocol, or use other means to try to discover if the connection is being interfered with before trusting it. In my opinion the WG should not, at this stage, take on a specific solution as as work item, but should instead explore, as an I-D (by a neutral editor), the problem space and alternative proposals for solving the issues, including SCSVs, proxy indications (such as my renego-based proposal), or recommending "no fallback". That would collect information about the problems and proposals in a single document, and make the matter more readily accessible to new readers than trying to review several years of discussion threads in the WG mailing list. As for the time aspect, using 6-12 months to produce such a document might create a better understanding of the problem and solution, and would not delay the 5-10 year deployment by much (for that matter, there are still many SSL v3-only servers 15 years after TLS 1.0 was published, so deployment might be 10-20 years instead; unless the WG decides to set hard deadlines and to risk "breaking the internet"). A couple of questions that might be investigated in such a document includes: Should the solution support SSL v3-only servers? TLS 1.0 servers without TLS Extension support? Should SCSV capable servers be required to implement TLS 1.2? Can the indication be implemented as an extension instead? and so on. Sincerely, Yngve N. Pettersen -- Using Opera's mail client: http://www.opera.com/mail/
- [TLS] Call for acceptance of draft-moeller-tls-do… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Thomson
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Salz, Rich
- Re: [TLS] Call for acceptance of draft-moeller-tl… Geoffrey Keating
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bill Frantz
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettesen
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… t.petch
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Joseph Salowey (jsalowey)
- Re: [TLS] Call for acceptance of draft-moeller-tl… Russ Housley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Marsh Ray
- Re: [TLS] Call for acceptance of draft-moeller-tl… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Möller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettersen