Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt

Michael D'Errico <mike-list@pobox.com> Wed, 25 September 2013 21:17 UTC

Message-ID: <524352D3.4020601@pobox.com>
Date: Wed, 25 Sep 2013 14:17:07 -0700
From: Michael D'Errico <mike-list@pobox.com>
To: Bodo Moeller <bmoeller@acm.org>
In-Reply-To: <CADMpkc+3ifDbnSxp9jiiPAKDPxaCWpkKHXTfgygpN3kOXMUFFQ@mail.gmail.com>
Cc: TLS Mailing List <tls@ietf.org>
Subject: Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt

> http://www.ietf.org/internet-drafts/draft-bmoeller-tls-downgrade-scsv-00.txt

I think that the server MUST send a FATAL alert only if it would
not have been willing to negotiate the lower TLS version in the
absence of the SCSV.

A WARNING alert from the server (or some extension_data with more
information) lets the client decide whether to continue.  Both
sides can keep track of these occurrences for further investigation
by interested admins at their leisure (not via calls to the help
desk).

Also, RFC 3546 and 4366 have been obsoleted by RFC 6066.

Mike
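The two server policies under discussion, modelled as an added example that is not part of the thread or of the draft: the draft's rule (any SCSV-flagged fallback below the server's best version is fatal) next to the poster's variant (fatal only when the server would have refused the offered version anyway, otherwise a warning and continue). The cipher suite value and alert description are taken from the final RFC 7507; that they match draft-00 is an assumption, as are the constructed ClientHello fragments.

```python
"""Server-side handling of the downgrade SCSV, strict vs. lenient policy."""
from dataclasses import dataclass
from typing import Optional

TLS1_0, TLS1_1, TLS1_2 = (3, 1), (3, 2), (3, 3)   # ProtocolVersion as (major, minor)
TLS_FALLBACK_SCSV = 0x5600            # RFC 7507 value; assumed to match draft-00
ALERT_PROTOCOL_VERSION = 70           # AlertDescription values (RFC 5246, RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86
FATAL, WARNING = 2, 1                 # AlertLevel values


@dataclass
class Decision:
    level: Optional[int]              # None when the handshake proceeds with no alert
    alert: Optional[int]
    negotiated: Optional[tuple]       # version the handshake continues with, if any


def parse_cipher_suites(raw: bytes) -> list:
    """Decode the big-endian 2-byte cipher suite identifiers from a ClientHello."""
    if len(raw) % 2:
        raise ValueError("cipher suite list must be an even number of bytes")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]


def decide(client_version, cipher_suites, server_min, server_max, strict=True):
    """Return the server's reaction to a ClientHello offering client_version.

    strict=True  : draft rule, SCSV plus client_version < server_max is fatal.
    strict=False : poster's variant, SCSV only produces a warning when the
                   server would have accepted client_version anyway.
    """
    negotiated = min(client_version, server_max)
    if negotiated < server_min:
        # Server never speaks this version: fatal with or without the SCSV.
        return Decision(FATAL, ALERT_PROTOCOL_VERSION, None)
    fallback = TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max
    if not fallback:
        return Decision(None, None, negotiated)
    if strict:
        return Decision(FATAL, ALERT_INAPPROPRIATE_FALLBACK, None)
    # Warn, let the client decide, and leave the event for admins to review.
    return Decision(WARNING, ALERT_INAPPROPRIATE_FALLBACK, negotiated)


if __name__ == "__main__":
    # Constructed ClientHello cipher suite list: TLS_RSA_WITH_AES_128_CBC_SHA + SCSV.
    suites = parse_cipher_suites(b"\x00\x2f\x56\x00")
    print(decide(TLS1_0, suites, TLS1_0, TLS1_2, strict=True))
    print(decide(TLS1_0, suites, TLS1_0, TLS1_2, strict=False))
```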