Re: [TLS] An SCSV to stop TLS fallback.
Adam Langley <agl@google.com> Wed, 04 December 2013 19:20 UTC
Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53D591AE2EA for <tls@ietfa.amsl.com>; Wed, 4 Dec 2013 11:20:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.08
X-Spam-Level:
X-Spam-Status: No, score=-1.08 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v92p_sZcb_xb for <tls@ietfa.amsl.com>; Wed, 4 Dec 2013 11:20:13 -0800 (PST)
Received: from mail-ve0-x233.google.com (mail-ve0-x233.google.com [IPv6:2607:f8b0:400c:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id 43D0B1AE2D7 for <tls@ietf.org>; Wed, 4 Dec 2013 11:20:13 -0800 (PST)
Received: by mail-ve0-f179.google.com with SMTP id jw12so12494663veb.38 for <tls@ietf.org>; Wed, 04 Dec 2013 11:20:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=lWx//b2piBZG0w3yGgYdvAr9a6YgvaXbDGRgMlVMlR4=; b=NZFYBct8wErYRf9ihuxq6UMNXDiUhyWTH0gTq+2FtAtW1X9qvfwFbGVFrhsDN0hsqb 7nqPZC0SxzyqUi+wmbN/qNUgqDE5RdW0X4cpYuq/A1h/SkGK4PgZkNd+O4tEEu57xvHN q8iNReZQ7/GF8DHNe6s2CDcOQGGsCyd+f8ESckLkOvKR/rrJa71Q3LtkZNy8hNxCe65U NerOiCX4V9aaqeMz+yyqf+rKwJOH9O1paT4ReFFYxbPauvLOFaq3R4gUEfWnQqoBDLJ/ QhJRCN36slsCVF6etAFGmu5Qj5bWsE9rVce8NNZGAiWcOT2j8S86EX/jlkPeYVgY50ul mnEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=lWx//b2piBZG0w3yGgYdvAr9a6YgvaXbDGRgMlVMlR4=; b=J2Ys8td+U8eRofaFYSSeDJ72TJnlYDrYB/7Lkfeczhr9p5oYgYpwzPmNylNlRQX5Q4 YYlL4XNGLJuT/CZhF9aWVFmKsBo4N/1AbRbUQiWvt4IsDTdfkVlbrfq4Sx4GRJmRlMpB 3rzG1BnkcY1ezfkJmI52RMB/yymx92HeJrvJYO5unCjv73UsVTRK0ncd7uPBATgvWCvR JP2tDtL8t7dQHY9cfVNIZNhQasqrHNE+PtBURI0Vj927FBsdckSuurBfML0HyfoiAgI0 wB+lBvwMjXKXHK/OuPZUPhd879+V7AQ17MB1Vf4XEE0xlQ53NcnsNPVk/GQNzKJZB372 m8Tg==
X-Gm-Message-State: ALoCoQl2gimeys7ER+qk+1Cu2Ek1F82ajp77lRsYZPhUaTpu6cS4D6jZNBn/Wdo1/JE8XH35lQmmGY4Ac4gbQcwpBrcWcgRQN9mFG41bm6MgjaPeBNG8eDx80cEzCznb0W4IxC4VHk+axbkWnyAYyM3BOPJkFdsO0oBxWvL5tPstuV3KnDrVc8a57djrj5fnvMr8jI2vwFZl
X-Received: by 10.52.64.140 with SMTP id o12mr1716074vds.40.1386184809890; Wed, 04 Dec 2013 11:20:09 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.100.40 with HTTP; Wed, 4 Dec 2013 11:19:49 -0800 (PST)
In-Reply-To: <529F7E9D.80302@elzevir.fr>
References: <CAL9PXLzWPY5o2SeV=kUPWxznkw+3cmpbMpYifCebfqd48VW9UA@mail.gmail.com> <CACsn0ckuupJaNKXGjP63LfZiDsV5FLOqfk902O9i1oheqtAAhA@mail.gmail.com> <CAL9PXLxueY_k0XWgTrqVxqXDgvCRhAW5UEa8YjU9_rnuZ6otTA@mail.gmail.com> <CAL2p+8TXJVmnb-v3xH6uzW+rpZ+v8J65TjO32__O3ZofQiwSig@mail.gmail.com> <CAL9PXLwKxF14CUNmN=-P6mhcr+xcGw0_Aaq7amdBXZKUsrKsKA@mail.gmail.com> <CADMpkcLRNmmoMOpJ9QVFPMEbpSyu39afipWUv4Du-assHoC1rw@mail.gmail.com> <CAL9PXLx0+bYn_KXKhvFz=D_jXfctdVihaXnj=SqB6EeEqRLOSg@mail.gmail.com> <CADMpkcKvXxHwj+Rj_j8qF84aEbWJiBiXnk9t1qfh7NychraZcQ@mail.gmail.com> <CALTJjxEDXsmdzY4+OH2AFcYfMW5zY=V4PzQK3hqB1WrqjRJB+g@mail.gmail.com> <CADMpkcJO8xZ41DDnofPinm2SMkhONW7w+cODGwnVpJtB5o8OqQ@mail.gmail.com> <CALTJjxGTmSPRNWfbRrpkFQb3nBwY63fUros+4fLsXjum=q3urA@mail.gmail.com> <529F7E9D.80302@elzevir.fr>
From: Adam Langley <agl@google.com>
Date: Wed, 04 Dec 2013 14:19:49 -0500
Message-ID: <CAL9PXLwVQ=GmZXGrh4+VEd-u1dhhvThKHfVf0qRShcR+LdExTQ@mail.gmail.com>
To: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] An SCSV to stop TLS fallback.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 19:20:14 -0000
On Wed, Dec 4, 2013 at 2:12 PM, Manuel Pégourié-Gonnard <mpg@elzevir.fr> wrote: > Unless I'm mistaken, the problem TLS_FALLBACK_SCSV tries to adress is not > servers that don't implement version negotiation correctly, but MITM actively > doing a downgrade attack (and faulty middleboxes, which have the same effect). I think the chain of sadness goes like this: 1) Some servers don't implement version negotiation correctly, or have other bugs that happen to be solved by using SSLv3. 2) Therefore some clients implement fallback 3) Therefore attackers can trigger fallback even with correct servers. The MITM proxies that also had downgrade bugs caused issues with a Chrome experiment where we removed SSLv3 fallback for Google properties because it looked, to the client, like an attack. But, since it's a MITM proxy, it's an attack that the user has authorised. Cheers AGL
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Andy Wilson
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Trevor Perrin
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Trevor Perrin
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Brian Smith
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Jack Lloyd
- Re: [TLS] An SCSV to stop TLS fallback. Manger, James H
- Re: [TLS] An SCSV to stop TLS fallback. Wan-Teh Chang
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Wan-Teh Chang
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Marsh Ray
- Re: [TLS] An SCSV to stop TLS fallback. Douglas Stebila
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. James Cloos
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Marsh Ray
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Daniel Kahn Gillmor
- Re: [TLS] An SCSV to stop TLS fallback. Brian Smith
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Yaron Sheffer
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Yaron Sheffer
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller