IETF Logo Mail Archive

Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt

Geoffrey Keating <geoffk@apple.com> Sun, 29 November 2009 03:27 UTC

Return-Path: <geoffk@apple.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D4B23A6925 for <tls@core3.amsl.com>; Sat, 28 Nov 2009 19:27:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jOkgQMJMAkpN for <tls@core3.amsl.com>; Sat, 28 Nov 2009 19:27:20 -0800 (PST)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by core3.amsl.com (Postfix) with ESMTP id B96C43A6825 for <tls@ietf.org>; Sat, 28 Nov 2009 19:27:20 -0800 (PST)
Received: from relay15.apple.com (relay15.apple.com [17.128.113.54]) by mail-out4.apple.com (Postfix) with ESMTP id CD0DD80E2B20 for <tls@ietf.org>; Sat, 28 Nov 2009 19:27:13 -0800 (PST)
X-AuditID: 11807136-b7bafae000000e8d-cb-4b11ea11837f
Received: from [17.151.122.21] (Unknown_Domain [17.151.122.21]) (using TLS with cipher AES128-SHA (AES128-SHA/128 bits)) (Client did not present a certificate) by relay15.apple.com (Apple SCV relay) with SMTP id EC.0F.03725.11AE11B4; Sat, 28 Nov 2009 19:27:13 -0800 (PST)
From: Geoffrey Keating <geoffk@apple.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 28 Nov 2009 19:27:13 -0800
Message-Id: <59FE2EFB-F8EC-489D-AFCE-3D3C29291ADF@apple.com>
To: tls@ietf.org
Mime-Version: 1.0 (Apple Message framework v1077)
X-Mailer: Apple Mail (2.1077)
X-Brightmail-Tracker: AAAAAQAAAZE=
X-Mailman-Approved-At: Sat, 28 Nov 2009 19:42:15 -0800
Subject: Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2009 03:32:59 -0000

Apple supports this draft, with the following modification:

The draft does not address the security issue for existing clients unless it requires that renegotiation occur only when the extension is present.  I suggest strengthening the language in 4.2 to read

To prevent such attacks, servers MUST NOT allow clients who do not offer the "renegotiation_info" extension to complete a renegotiation.  If the client initiated the renegotiation the server SHOULD respond to such requests with a "no_renegotiation" alert [RFC 5246 requires this alert to be at the "warning" level.]  If the server initiated the renegotiation the fatal "handshake_failure" alert is appropriate.

and delete the sentence 'Servers SHOULD follow this behaviour'.

With this modification, section 4.1.1 is redundant and may be deleted.  It is also possible to delete section 4.3 as with this modification, if the client is convinced to drop the extension, either servers support the draft and will refuse to renegotiate without the extension and are still secure, or don't support the draft and will ignore the extension, and so would be insecure anyway.

v2.23.0 | Report a Bug | By Email