IETF Logo Mail Archive

Re: [TLS] An SCSV to stop TLS fallback.

Ralf Skyper Kaiser <skyper@thc.org> Sat, 07 December 2013 17:01 UTC

Return-Path: <skyper@thc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DACF1AE3BD for <tls@ietfa.amsl.com>; Sat, 7 Dec 2013 09:01:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Level:
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MISSING_HEADERS=1.021, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMhCPZ6vpkRO for <tls@ietfa.amsl.com>; Sat, 7 Dec 2013 09:01:44 -0800 (PST)
Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id C96B61AE05E for <tls@ietf.org>; Sat, 7 Dec 2013 09:01:44 -0800 (PST)
Received: by mail-ie0-f175.google.com with SMTP id x13so3518998ief.34 for <tls@ietf.org>; Sat, 07 Dec 2013 09:01:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thc.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=DRDXkn5dQQWk0NJEoUEtt+ERIyA6f5o8gvQ2EanJ2rc=; b=TngelgP2VVtvISkowfMO0NmRRKCKX2PMCHj4hMVRhd5YKMXeR3EnsoaD+oJym5+nhf Nt3MImH12wWsvNTSPBAEvvokJm6ceCvrmy15DJpsfNLO1H3ore7akyctwta9c3+w1hcm Xq7rloqna+2yaodvl3wGudaNg1nKWTRqsmEUc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:cc:content-type; bh=DRDXkn5dQQWk0NJEoUEtt+ERIyA6f5o8gvQ2EanJ2rc=; b=VFPrJTJe4e10WWXi53vptQ5Wg1ayOwSNGnbJ7qMqe8zxxCnYebp3F/Zho3eXfderEK LWGgKBpbbePvlzHnBQ0flNZzWxRU9eR9RclzY7p1b8aP7cuZZvgyyU2O/VU6lfQ4Gz6V FFSG9dLfisgahbnje3XIM/1iPq/JHjqOJ7Uoo20TM3K3DgNB5/PHC5Blg90aId+CIchn yORmBvkfNW76RTXq1T3A259BCV5b6kFgKQQF+oAgkoqLhbFmE5sfWojqu6MQkF6nskF8 SRka7yR3FfVxsKPtdoU+EO/B8BbqRZb9rtX3Nsg9fXmoIVahpAbpz1gYLRHiEONHqkH7 069Q==
X-Gm-Message-State: ALoCoQl9gHctU3ojJAanWM7R3QpcHfd9+iLQFwEu0LQrreKR+oZbrX6rYyM7248h77aYwbh+gWty
MIME-Version: 1.0
X-Received: by 10.50.23.103 with SMTP id l7mr8488625igf.3.1386435700605; Sat, 07 Dec 2013 09:01:40 -0800 (PST)
Received: by 10.64.9.41 with HTTP; Sat, 7 Dec 2013 09:01:40 -0800 (PST)
X-Originating-IP: [213.52.184.7]
In-Reply-To: <52A33FD0.7040708@elzevir.fr>
References: <CAL9PXLzWPY5o2SeV=kUPWxznkw+3cmpbMpYifCebfqd48VW9UA@mail.gmail.com> <CAFewVt42cSELgfiDa2M7OWwBcpEgcqNzHL4oAEjJ_3GJ8TEPrg@mail.gmail.com> <CA+BZK2rbjcx+sT9BU5sjKsuH81N+02xdLD3CmreaGzjRn-ibdA@mail.gmail.com> <52A2FB32.30004@gmail.com> <CA+BZK2qm75eqW9ZmvEozM_9R2xYJMmov8dyn4qz=ppJ84grrZw@mail.gmail.com> <52A33888.80307@gmail.com> <52A33FD0.7040708@elzevir.fr>
Date: Sat, 07 Dec 2013 17:01:40 +0000
Message-ID: <CA+BZK2odZeA4WpHJ8TsDb0fSb-juknVDrDPVfhxPw3eu_Rva9w@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e0158aaba70825204ecf4b704"
Subject: Re: [TLS] An SCSV to stop TLS fallback.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2013 17:01:46 -0000

Hi,

goo idea.

Another idea is to disable TLS-version pinning on the all servers until all
servers are upgraded to 1.3 and
 then enable TLS version pinning again.

Lets assume the client has TLS 1.2 pinned and the admin wants to upgrade to
TLS 1.3.

While pinning is disabled (short period of time) all clients who have
already pinned the TLS 1.2 will connect to TLS 1.3 put not pin TLS 1.3.
This way the clients can connect to other servers in the cluster that are
still running on TLS 1.2. Once all servers have been upgraded the admin can
turn on pinning again and on next connect the client will update the min.
allowed TLS version to 1.3 (or whatever the highest supported version by
the client is).

regards,

ralf


On Sat, Dec 7, 2013 at 3:33 PM, Manuel Pégourié-Gonnard <mpg@elzevir.fr>wrote:

> Hi,
>
> On 07/12/2013 16:02, Yaron Sheffer wrote:
> > No, AFAIU the problem does not exist for cert pinning, because there is
> > protocol involved. Specifically, the server sends out HTTP headers to
> > indicate the pinning and its lifetime. So (for example) you can start by
> > changing the certs on all cluster members and only afterwards enable
> > pinning on all of them.
> >
> Maybe I'm missing something obvious, but it seems to me the problem with
> version
> pinning could be solved by explicitly stating the minimum TLS version in
> the
> HTTP headers, then. That way, cluster admins could upgrade some servers to
> say
> 1.3 while keeping the pinning on 1.2, and then update the pinning to 1.3
> only
> when all the servers in the cluster are upgraded to 1.3.
>
> Manuel.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email