Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego

Bodo Moeller <bmoeller@acm.org> Sun, 15 November 2009 23:36 UTC

Return-Path: <bmoeller@acm.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC24F3A688E for <tls@core3.amsl.com>; Sun, 15 Nov 2009 15:36:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.929
X-Spam-Level:
X-Spam-Status: No, score=-101.929 tagged_above=-999 required=5 tests=[AWL=0.320, BAYES_00=-2.599, HELO_EQ_DE=0.35, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wW1Rwm8Wh4KU for <tls@core3.amsl.com>; Sun, 15 Nov 2009 15:36:36 -0800 (PST)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8]) by core3.amsl.com (Postfix) with ESMTP id BDE533A6832 for <tls@ietf.org>; Sun, 15 Nov 2009 15:36:35 -0800 (PST)
Received: from [10.1.64.105] (216-239-44-65.google.com [216.239.44.65]) by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis) id 0MbrOw-1NT8i91Sn0-00IiSQ; Mon, 16 Nov 2009 00:36:33 +0100
From: Bodo Moeller <bmoeller@acm.org>
To: Marsh Ray <marsh@extendedsubset.com>
In-Reply-To: <4B0066C9.9090901@extendedsubset.com>
References: <200911092035.nA9KZviE026489@fs4113.wdf.sap.corp> <4AF8EF8F.3090100@jacaranda.org> <4AF8F7B4.7020101@pobox.com> <4AF8FDBD.4080003@jacaranda.org> <4AF9070E.4050305@jacaranda.org> <4AF99E04.3060604@pobox.com> <20091112055910.58D2369EF16@kilo.networkresonance.com> <4AFC46D8.9050905@pobox.com> <20091113060004.55DC569F31E@kilo.networkresonance.com> <3494BBB0-E80A-4CCA-92EF-A7EC794BEF9D@acm.org> <4B005E54.6030600@extendedsubset.com> <FD7FB19E-2A6B-48FA-9DAD-D0C4835C22EF@acm.org> <4B0062EA.8060906@extendedsubset.com> <1F698852-2C4B-4F21-8B4F-0D6CFA6BB41E@acm.org> <4B0066C9.9090901@extendedsubset.com>
Message-Id: <A929DD1E-BAA3-448E-BF54-CEF7F11BC3FE@acm.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Sun, 15 Nov 2009 15:36:28 -0800
X-Mailer: Apple Mail (2.936)
X-Provags-ID: V01U2FsdGVkX1+TnyRFCfG3Hrnah+Bc23tLouZkEVDPY4sGyJu f3du0PtGM8BRVR5jSCXuQsy03Y5eIJhlroapq0s4Jw3G7GDx73 Xzx0KvIUSONtf7nVlp5bw==
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2009 23:36:36 -0000

On Nov 15, 2009, at 12:38 PM, Marsh Ray wrote:

> Bodo Moeller wrote:
>>
>> How would they do that?  Everything is supposed to be encrypted then.
>
> They will notice handshake messages after the initial handshake. The
> record content type field is never encrypted.

Oh, so you meant *potentially* unsafe renegotiations.

>
>> I don't think the protocol should too much be designed around making
>> monitoring systems happy.  You can't do this for all interesting  
>> issues
>> that client or server implementations might have anyway.  Here we  
>> have a
>> vulnerability that's easy to fix in such a way that monitoring  
>> systems
>> can see some fix deployment information, so why not.  Adding extra  
>> flags
>> just for monitoring's sake, I'm not so sure.
>
> Many, many sites will configure their stateful firewalls to shoot down
> any potentially-unsafe renegotiations. Without plaintext indicators,
> that will mean all renegotiations.

Not sending the extension when you don't intend to abort if the server  
doesn't echo it back and don't intend to renegotiate seems right then.

Bodo