IETF Logo Mail Archive

Re: [TLS] PR for anti-downgrade mechanism

Martin Thomson <martin.thomson@gmail.com> Fri, 16 October 2015 20:04 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65D551B33A4 for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 13:04:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DHwkWx84RkhX for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 13:04:24 -0700 (PDT)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 378B01B33A5 for <tls@ietf.org>; Fri, 16 Oct 2015 13:04:24 -0700 (PDT)
Received: by ykfy204 with SMTP id y204so95259796ykf.1 for <tls@ietf.org>; Fri, 16 Oct 2015 13:04:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=JyR094bCLG3m+Ge5XO+KUymXjThwe3lLuw9/J3AciiQ=; b=mjQTghYHNbUBaCEBo88+Mzp7LX+dbBd6wCOfH3aRHMJrosRQpxMNdCsipqC47uwrLI A6bPIfL9maJ5IEp/y95T6YuOm2iLfIK/Xii/O0p+DJsSabrLEQC5ITw4hV34THi/M9Qp YIw9MekexHMFfqMDX0+8xEalJc9YczGyFhYymskSdtLF1DFZQEMd5cOmmm7ZJF2XF4nS wF3ED15OdSyCP7U6iJUa3NQXeehG58QB/+383VuaVPe7FlKlh3x5blRvaC4QKNPk2SNK sLBEkD/RcyS2XYbGrLALP/Ths61whgCvsgdnlrHDvOUu4RTbnAuCLEOR/nAuo6cAQ/kT 2kHA==
MIME-Version: 1.0
X-Received: by 10.13.196.196 with SMTP id g187mr13046375ywd.98.1445025863555; Fri, 16 Oct 2015 13:04:23 -0700 (PDT)
Received: by 10.13.230.78 with HTTP; Fri, 16 Oct 2015 13:04:23 -0700 (PDT)
In-Reply-To: <CAFewVt484VFa+bUPc41BXVhoYqx1qJdWR4z7c_xjx=Ff_6QZQw@mail.gmail.com>
References: <CABcZeBOB9mnQ8bLOCSysnx9LMv0hxrPCA21jTnxAMb3Yom_Aow@mail.gmail.com> <CAFewVt6yin3NhkcLuJfXVy7RKuyPY+7+P4h1fKAyVtAZdpjBfQ@mail.gmail.com> <D22E3AD8-19A1-4CAF-987B-349CE6961284@gmail.com> <CAFewVt484VFa+bUPc41BXVhoYqx1qJdWR4z7c_xjx=Ff_6QZQw@mail.gmail.com>
Date: Fri, 16 Oct 2015 13:04:23 -0700
Message-ID: <CABkgnnVEUuWEEpqjRWm9=D7OkDuxvJj7pmX=8RMCU6T_qah5mw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8yHYbshv8FIgaurN0cQByg70Dig>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] PR for anti-downgrade mechanism
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 20:04:25 -0000

On 16 October 2015 at 12:22, Brian Smith <brian@briansmith.org> wrote:
> Why only protect TLS 1.3 from such a downgrade? I think it is worthwhile to
> protect TLS 1.2 from the downgrade too, in a similar way. Or, is there
> something specific about TLS 1.3 that makes the downgrade worse?

Given that we can't expect TLS 1.2 servers to implement the hack, I'm
not sure that this is of great utility, but if we can bake a version
number in there, I'm not opposed to the notion.

v2.23.0 | Report a Bug | By Email