IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Andrey Jivsov <crypto@brainhub.org> Mon, 27 October 2014 18:58 UTC

Return-Path: <crypto@brainhub.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B3D1A802B for <tls@ietfa.amsl.com>; Mon, 27 Oct 2014 11:58:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnS3CGqg71Lw for <tls@ietfa.amsl.com>; Mon, 27 Oct 2014 11:58:21 -0700 (PDT)
Received: from resqmta-ch2-01v.sys.comcast.net (resqmta-ch2-01v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:33]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 309201AC41F for <tls@ietf.org>; Mon, 27 Oct 2014 11:58:21 -0700 (PDT)
Received: from resomta-ch2-08v.sys.comcast.net ([69.252.207.104]) by resqmta-ch2-01v.sys.comcast.net with comcast id 8JxL1p00G2Fh1PH01JyL5o; Mon, 27 Oct 2014 18:58:20 +0000
Received: from [IPv6:::1] ([71.202.164.227]) by resomta-ch2-08v.sys.comcast.net with comcast id 8JyK1p00B4uhcbK01JyK0A; Mon, 27 Oct 2014 18:58:20 +0000
Message-ID: <544E95CB.4090507@brainhub.org>
Date: Mon, 27 Oct 2014 11:58:19 -0700
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: tls@ietf.org
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5449E969.9000800@brainhub.org> <CADMpkc+cLJNMYZb4OqukM7qT1aPsqEmCF0JxOyuLYe=78BEcgQ@mail.gmail.com> <544AB4B4.2010305@brainhub.org> <CADMpkc+cku0G6SKs7ZX6oHidiP2X8x8KfB9+E7mjYcNDXrPw9w@mail.gmail.com> <544B5764.9020006@brainhub.org> <CABkgnnVcNgC0SXFkfLYJHyxWe0uxDDShfgPgH=JmmTv0KVQhpg@mail.gmail.com> <544B5D82.2080900@brainhub.org> <CADMpkcLzXV0P8uyoL7F=o3fMUkaJwWZUF7+fBoGYaBri1DgDcg@mail.gmail.com> <544BFCED.9080904@brainhub.org> <CAFewVt4=uBP-J0WJyppph_BzbdEsTHw63BF9XrrHNfqUwapvSg@mail.gmail.com> <544C6C00.3070903@brainhub.org> <87a94hwna5.fsf@alice.fifthhorseman.net>
In-Reply-To: <87a94hwna5.fsf@alice.fifthhorseman.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1414436300; bh=PIp4s6/Obpg3h/VKLa+W2sKvEN1rMkAvH2Jc24TIEdc=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=fbmMg6Tld5nj/wYipdWTdOphVIn35CJWXFrr77TeVmUbdGQDspHSVXhKkGgfjEoN1 YmExtm7VxAtbuX2oXs4FB98KEXnvpIk/QNSDBU8Uq4kRHEcq6T6cVpGTIJH+HJ2mUB 20EFPvlQrs9J68M81D+93kR+cxwzmgTuiNhGxuwsUn8FXLdhAypVL09WLoaigaDOLx FIU/YUN9sMRhFicq8CGwhczFE5wnhQz4OLaw+oLve7zfNKQ+qp+zqJdjtztBZj2Eiz Nx9F8WSg//9TWMFqFCSd45Bb2dLlt5wE6CcPgSeZnGNIj8i4/jT/g5DQ16CmXZKPK/ v/9zKgkoi+Hkw==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/44rjJ33t3OIGU5ollnYX0JF0pI4
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Oct 2014 18:58:25 -0000

On 10/27/2014 08:22 AM, Daniel Kahn Gillmor wrote:
> On Sat 2014-10-25 23:35:28 -0400, Andrey Jivsov wrote:
>> Let's wait with TLS_FALLBACK_SCSV for a minute :-).
>>
>> To be even more specific, let's simplify the above a bit:
>>
>>          TLS1.2: X, Y
>>          TLS1.1: X
>>          TLS1.0: X
>>          SSL3.0: RC4-MD5
>>
>> ( SSL3.0 has only RC4-MD5, and RC4-MD5 is not in X or Y. )
>   [...]
>> Example, using the above table:
>>
>> ClientHello: TLS1.1+RC4-MD5+TLS_FALLBACK_SCSV
>> Server: MUST fail
>>
>> v.s.
>>
>> ClientHello: TLS1.1+RC4-MD5
>> Server: negotiates SSL3.0+RC4-MD5
>
> I think you've just demonstrated that the server is misconfigured in
> this example.
>
> Because of its misconfiguration, the server has selected SSL3.0 when it
> could have selected TLS1.1.
>

... or it's a feature on the server to kill SSL3.0-era cipher when 
SSL3.0 is disabled in a browser

> (this scenario might have more nuance if we're talking about a TLS 1.3
> specification that doesn't permit negotiation of RC4-MD5, but that's not
> the scenario painted above)


>
> ----
>
> In general, i don't have a lot of sympathy for the complaint that a
> network failure causes fallback negotiation, which might fail.  Outside
> of TLS, when a network failure causes a TCP session to abort, the
> connection fails anyway.
>
> We should have guidance to the implementer of any fallback dance that
> the receipt of an inappropriate_fallback alert means you should clear
> your notion of whether a given host needs a fallback.
>
> In a browser context, this means that the user clicks "reload", and they
> get a new try at the connection.  This is something users are familiar
> with in other network-glitch scenarios.
>

I think that these fallback heuristics will contain false-positives. My 
thought was that if the server has SHOULD fail, it could do something 
like never fail on TLS1.1 and higher (or TLS1.2 when TLS1.3 is out). 
Otherwise one must accept that servers implementing TLS_FALLBACK_SCSV 
will contribute to higher number of failed handshakes.

>       --dkg
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email