Re: [TLS] Version (in)tolerance
Martin Rex <mrex@sap.com> Thu, 17 June 2010 14:21 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9092D3A6855 for <tls@core3.amsl.com>; Thu, 17 Jun 2010 07:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.715
X-Spam-Level:
X-Spam-Status: No, score=-7.715 tagged_above=-999 required=5 tests=[AWL=-0.066, BAYES_50=0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HEMuOPQTL4fS for <tls@core3.amsl.com>; Thu, 17 Jun 2010 07:21:06 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 339713A67D3 for <tls@ietf.org>; Thu, 17 Jun 2010 07:21:06 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id o5HEL0nV007112 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 17 Jun 2010 16:21:00 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201006171420.o5HEKxq9002213@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com
Date: Thu, 17 Jun 2010 16:20:59 +0200
In-Reply-To: <4C1A0D75.1050309@extendedsubset.com> from "Marsh Ray" at Jun 17, 10 06:56:37 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal08
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Version (in)tolerance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2010 14:21:07 -0000
Marsh Ray wrote: > > On 6/17/2010 1:48 AM, Peter Gutmann wrote: > > "Brian Smith" <brian@briansmith.org> writes: > > > >> NSS has an explicit check that the first byte of every version > >> number is 0x03. I imagine other implementations have a similar > >> check. > > > > I do that too, and it's quite deliberate, we've been using 3.x for > > 15-odd years and there's no sign, even with major incompatible > > protocol revisions, that we're going to 4.x at any point. > > But this is the part of the handshake where the protocol version hasn't > actually been agreed on yet. Some future TLS may, in fact, be a big > protocol change but a server is still wrong to refuse to interoperate on > the basis that the client merely proposed a higher protocol version. > > For testing purposes, a client which specified a client_version of > 0xFFFF should be able to successfully handshake using the highest > version the server supports. This works with some implementations today. Maybe you want to turn your attention to the DTLS spec and reconsider your recommendation: http://tools.ietf.org/html/rfc-4347#section-4 version The version of the protocol being employed. This document describes DTLS Version 1.0, which uses the version { 254, 255 }. The version value of 254.255 is the 1's complement of DTLS Version 1.0. This maximal spacing between TLS and DTLS version numbers ensures that records from the two protocols can be easily distinguished. It should be noted that future on-the-wire version numbers of DTLS are decreasing in value (while the true version number is increasing in value.) > > > Any change to 4.x is therefore going to either never happen or will > > be something so major, probably a complete break of the entire > > protocol, that I want to force users to upgrade to a completely new > > release. > > A. We don't know anything about future protocols yet, other than that > the client hello message will probably try to maintain compatibility > back to 1.0 and IANA-assigned identifiers won't collide. If, after all, > TLS version 1.2 is 0x0303 then who can say what 0x0404 will mean? TLS protocol_version numbers work differently. The version negotiation is not capable of dealing with "holes". So the next version of TLS should be using the protocol_version of { 0x03, 0x04 }, no matter how much it differs from TLSv1.2 (protocol_version { 0x03, 0x03 }) and even if we give it the "marketing name" TLSv2.0, it should use the protocol_version { 0x03, 0x04 } on the wire. But there is really a design problem in the "common version" negotiation of TLS because of the implication that the client supports lower protocol version than the one it proposes. If we were to define a substantially different TLSv2.0, and a problem would be found that needed fixing, the current versioning precludes that a TLSv1.3 is defined _after_ a TLSv2.0. -- which is why I strongly prefer fancy new features to be added through TLS extensions rather than a bump of the protocol version -- because it can be more easily adopted by implementations and the installed base. -Martin
- [TLS] Renego Indication RI patch interaction with… Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Adam Langley
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Ivan Ristic
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Martin Rex
- Re: [TLS] Version (in)tolerance Marsh Ray