IETF Logo Mail Archive

Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Adam Langley <agl@google.com> Tue, 28 January 2014 20:19 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC871A0245 for <tls@ietfa.amsl.com>; Tue, 28 Jan 2014 12:19:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CqRVwNo2LLGU for <tls@ietfa.amsl.com>; Tue, 28 Jan 2014 12:19:54 -0800 (PST)
Received: from mail-oa0-x22a.google.com (mail-oa0-x22a.google.com [IPv6:2607:f8b0:4003:c02::22a]) by ietfa.amsl.com (Postfix) with ESMTP id ACA991A028B for <tls@ietf.org>; Tue, 28 Jan 2014 12:19:54 -0800 (PST)
Received: by mail-oa0-f42.google.com with SMTP id i7so1008412oag.15 for <tls@ietf.org>; Tue, 28 Jan 2014 12:19:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=+gW1XaDXBDKCIcfB0M7OVGJo/5OAtU/YxCWH4WQWfA0=; b=dCqQAVGfNjKNepw/T5kwN1UVJPdpXXvu/AiQh6vwlghBYgz8ya/8BXYwzHYY8eLzh0 ur8MpXd/TmmZORFXcmwxoVo8J2fEfX74V01RTlS24X6sBZ91GCHttmTUQs/jHZA9QHFV pjf43n7nL3ie9f5ahr9KwlVOVJT4gAM2HyZQsqWtSVvhpAOwq60td/2CdeAVOLxFIISV fDGdLT4XMVyiLfBRtacV3aqwTXNNYcgE5yCUQpv6Jq5PDSZWb7Oqxc+tPasBWk8ja3tf JpccRWjHnbg7ZOaS11yf+TWNlgDNNllHuZOiH3HuJCwKjR4VLt9GdJI1oOfjNcfhps2P Yz5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=+gW1XaDXBDKCIcfB0M7OVGJo/5OAtU/YxCWH4WQWfA0=; b=CEgatYXzKebMocVoiCiVe/q+cCTDzWo0+o04WQ9u+jIqslnDYx5Eq4xcnOk1x135Qq EJ22LYSXGIyayyeniKq0JXH3CcgB62cUmvsvHxX2t27I292Bh7rodJA6Gx0jneTmrXCl cyOgkNYmfs8m6047410Um4go1Cw65c+W8MODM7jhK39McdTB00zsUBnXzf1IuOXCOp6C KsPQf/ERggTSynG+sFXjyeDgf2efJmfN80eBtSAdWb55HvmtqHX3oN2vpkWtTtjrizyr /M4Dk4GUX++7XklAN919mTNSeKszjp/KzJRSkHYnDMNuWBRWHYyCj4HD7yKk2RQeBFpN 3ZKQ==
X-Gm-Message-State: ALoCoQlYVH5TciP6QnI58QTdRp2+eQiXthJz7sR8AgszyBpBFdciUt0H8VWi4PPeK/lA8n763YGTpnO3up3bIt30TdQu8kzqJx2VKPuj9qYmazv9mMnVPWutYHgEBYRr8BhWUctfFMRiea/rHLSran9tHfCxaWJ0nJ7sdE2niO0GSGay7dDgmQUbZ+F6TqwpoGJHMrkcjruP
X-Received: by 10.60.119.70 with SMTP id ks6mr2576146oeb.45.1390940391847; Tue, 28 Jan 2014 12:19:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.79.105 with HTTP; Tue, 28 Jan 2014 12:19:31 -0800 (PST)
In-Reply-To: <062f690386314652b30aa8247ec18c0c@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CADMpkcJ4viFwzU9u0uP41Niaopja8PZFowjOALVr3VA1vJ7Uow@mail.gmail.com> <20140128001737.D9D581ABC9@ld9781.wdf.sap.corp> <828b043cac0f4b62875d00f31d2f92e3@BL2PR03MB419.namprd03.prod.outlook.com> <CAL9PXLxDWUMUq5rJXCHYaFRqX6rYfczN8gJaBRJa=pbkH4YWSA@mail.gmail.com> <a840133f75d0426898462ccef739861f@BL2PR03MB419.namprd03.prod.outlook.com> <ED6ED7E4-3E0C-41B9-A8B3-16C676BCAFAD@checkpoint.com> <062f690386314652b30aa8247ec18c0c@BL2PR03MB419.namprd03.prod.outlook.com>
From: Adam Langley <agl@google.com>
Date: Tue, 28 Jan 2014 15:19:31 -0500
Message-ID: <CAL9PXLyJPi-jJpAR_Zmx84CkhE9ga6jPbr4X8d2xqv5aUwegRw@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2014 20:19:57 -0000

On Tue, Jan 28, 2014 at 3:12 PM, Andrei Popov
<Andrei.Popov@microsoft.com> wrote:
> Correct, but I'm more concerned about this scenario: suppose a client implements a three-stage fallback: TLS1.2-with-extensions ---> TLS1.0-with-extensions ---> SSLv3.
> Suppose TLS1.2-with-extensions got a RST from a TLS1.2-supporting server because there is an interoperability problem, or a middle box problem, or a configuration problem, etc.
> The client is now trying TLS1.0-with-extensions + SCSV. Without the SCSV, the handshake may have succeeded, but with SCSV the TLS connection will fail.

We have pretty good evidence that SCSVs are ok from putting them in
SSLv3 for renego, no?

I suppose it's possible that there exist some TLSv1 servers that
handle the renego extension, but couldn't handle the SCSV, but we have
deployed new ciphersuites in the past without issue, no? (Except for
the servers that only look at the lower 8-bits, but we believe that we
can order the ciphersuites to avoid those problems.)


Cheers

AGL

v2.23.0 | Report a Bug | By Email