Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Brian Smith <brian@briansmith.org> Sat, 25 October 2014 20:52 UTC

From: Brian Smith <brian@briansmith.org>
To: Andrey Jivsov <crypto@brainhub.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8KZ31RLiRPOWQZ_W2kx3GYsp81g
Cc: "<tls@ietf.org>" <tls@ietf.org>

On Sat, Oct 25, 2014 at 12:41 PM, Andrey Jivsov <crypto@brainhub.org> wrote:
>
> what you are saying is that the set of ciphers that can be negotiated with
> TLS1.2 must be a superset of the ciphers that can be negotiated with TLS1.1
> in any server configuration, and so on to SSL 3.0
>

No. The set of ciphers that can be negotiated with TLS 1.2 must overlap
with the set of ciphers that clients offer in their TLS 1.2 handshake.


> I am not sure that this will always be possible. Let's say I must offer
> RC4-MD5 for legacy products that only support SSL 3.0.
>
> I think it would be more secure to offer
>
>   TLS1.2: X, Y
>   TLS1.1: X
>   TLS1.0: X
>   SSL3.0: X, RC4-MD5


That seems OK to me. You just need to make sure that X is offered by all
the clients you want to support that support TLS_FALLBACK_SCSV and that
don't support TLS 1.2, and that at least one of {X, Y} is supported by
all TLS-1.2-capable clients that support TLS_FALLBACK_SCSV. (Approximately.)

Cheers,
Brian
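The condition Brian states above, as an added toy model that is not part of the thread and not taken from any TLS implementation: a client that supports TLS_FALLBACK_SCSV retries with lower versions after a failed handshake and marks those retries with the SCSV, and the server rejects a marked retry below its highest version. The per-version cipher sets are Andrey's configuration from the thread; the version names, the `connect` fallback loop and the client profiles are assumptions for illustration.

```python
# Toy model of TLS_FALLBACK_SCSV negotiation against a server whose
# cipher-suite set differs per protocol version (constructed example).

VERSIONS = ["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"]  # ascending order

# Andrey's configuration from the thread: X and Y are placeholder suites.
SERVER_CONFIG = {
    "TLS1.2": {"X", "Y"},
    "TLS1.1": {"X"},
    "TLS1.0": {"X"},
    "SSL3.0": {"X", "RC4-MD5"},
}


def server_hello(server_config, client_version, client_ciphers, fallback_scsv):
    """Server side of one ClientHello: ("ok", version, cipher) or ("alert", reason)."""
    highest = max(server_config, key=VERSIONS.index)
    # SCSV present and the offered version is below what we support: refuse.
    if fallback_scsv and VERSIONS.index(client_version) < VERSIONS.index(highest):
        return ("alert", "inappropriate_fallback")
    # Otherwise pick the highest configured version not above the client's offer.
    for v in reversed(VERSIONS[:VERSIONS.index(client_version) + 1]):
        if v in server_config:
            chosen = v
            break
    else:
        return ("alert", "protocol_version")
    # Cipher selection in client preference order, restricted to that version's set.
    for c in client_ciphers:
        if c in server_config[chosen]:
            return ("ok", chosen, c)
    return ("alert", "handshake_failure")


def connect(server_config, client_max, client_ciphers, supports_scsv):
    """Browser-style fallback loop (assumed behaviour): retry downward after a
    failed handshake; an SCSV-capable client marks every retry with the SCSV
    and stops on inappropriate_fallback. Returns (final result, attempts)."""
    attempts = []
    result = ("alert", "no_attempt")
    for v in reversed(VERSIONS[:VERSIONS.index(client_max) + 1]):
        is_fallback = v != client_max
        result = server_hello(server_config, v, client_ciphers,
                              supports_scsv and is_fallback)
        attempts.append((v, result))
        if result[0] == "ok" or result[1] == "inappropriate_fallback":
            break
    return result, attempts
```

A TLS 1.2 client with the SCSV that offers none of {X, Y} fails outright, while the same client without the SCSV silently lands on SSL 3.0 with RC4-MD5, which is exactly the downgrade the SCSV is meant to stop.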