Re: [TLS] SCSV vs RI when both specified. Was: Updated draft

[Marsh Ray <marsh@extendedsubset.com>]

Blumenthal, Uri - 0662 - MITLL wrote:
> Is this why soldiers in the field switch off their accredited
> certified secure comm gear (which won't talk when things look the
> least bit funny?)

That's something of a complex question in general. It might be
instructive to run down the problems with specific cases though.

> and turn to cell phones? As for them the need to
> communicate usually does NOT take a back seat.

Perhaps the priorities of the soldiers in the field are not in perfect
alignment with those who specified the equipment?

> We are talking hypothetically of course rather than about this
> particular TLS decision, which might well be the right choice.

Even when the goal is successful communcation, my experience is the
opposite.

Paradoxically, it seems that the stricter implementations are expected
to be about data they receive, the better they will interoperate in the
wild.

When receivers are "lenient", senders grow up and get shipped counting
on that undocumented behavior. Later receivers come along which are not
as lenient, or lenient in different ways, and things break.

Compare TLS and HTML: Both were largely driven by Netscape early on. TLS
is relatively strict, whereas HTML was intentionally loose.

TLS has had a few interop issues, but mainly it's deciding how far back
to support old versions. You implementers of course know of some bugs.
We've expended a huge amount of effort to work around the few
extension-intolerant servers out there, but it sounds like that
originated from a document versioning mixup more than anything.

HTML, on the other hand, well, it looked to me like Netscape (and later
Microsoft) attempted to use its undocumented rendering behavior as some
kind of perverse competitive advantage. It was lenient in all sorts of
ways and the result is varying degrees of 'quirks mode', which is still
with us today.

- Marsh


> ----- Original Message ----- From: Marsh Ray
> <marsh@extendedsubset.com> To: Blumenthal, Uri - 0662 - MITLL Cc:
> 'tls@ietf.org' <tls@ietf.org> Sent: Mon Dec 21 11:28:29 2009 Subject:
> Re: [TLS] SCSV vs RI when both specified. Was: Updated draft
> 
> Blumenthal, Uri - 0662 - MITLL wrote:
>> The only purpose of any protocol is to allow entities to
>> communicate (under a given set of constraints). Thus every effort
>> SHOULD be invested to provide this capability whenever possible.
> 
> TLS is a cryptographic data security protocol.
> 
> "Allowing entities to communicate" takes a back seat to the primary
> goal of preventing unauthorized communication.
> 
>> If the protocol spec demands aborting connection, it better have a
>> damn good reason to do so - and more substantive than "some Steve
>> decided it doesn't really matter to him if the peers connect or
>> not".
> 
> How about "remote endpoint doesn't pass the bozo test"?
> 
>> Personal curiosity - what kind of work do you do? (Feel free to 
>> answer in a private email or to ignore altogether.)
> 
> I do software development (and security research) work on
> PhoneFactor, a product/service for doing two-factor authentication
> with ordinary phones.
> 
>> I'm shocked that nobody else seems to pick on this. Is it that 
>> mid-weekend thing, or am I the only one who cares whether the peer 
>> would establish or refuse connection?!
> 
> Yes, I care greatly that the peer refuses any connection that looks
> the least bit funny.
> 
> - Marsh
> 
> _______________________________________________ TLS mailing list 
> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls