Re: [TLS] consensus on backwards compatibility changes

Dave Garrett <davemgarrett@gmail.com> Sun, 25 January 2015 23:34 UTC

On Sunday, January 25, 2015 02:36:14 pm Eric Rescorla wrote:
> Based on reading the mailing list, it seems to me that there is rough
> consensus on PR#105, but not (yet?) on PR#107.

I don't recall any objections to #107, but not much discussion either.

To sum it up here, in addition to some editorial changes:

1) Fixes initial ClientHello record layer version to { 3, 1 } (TLS 1.0) & mandates
all other record layer versions to match negotiated version.
(Brian's suggestion)

In SCSV discussion, evidence was given that this improves interop by 5.3%
for TLS 1.3 & an additional 1.5% for TLS 1.2:
http://www.ietf.org/mail-archive/web/tls/current/msg15141.html

2) Mention some other interop concerns alongside existing notes.

3) Cite RC4 prohibition pending RFC.

4) "If an implementation negotiates usage of TLS 1.2, then negotiation of cipher
suites also supported by TLS 1.3 SHOULD be preferred, if available."
(only a SHOULD, and only if available; language up for negotiation if needed)

5) Explicitly prohibit EXPORT ciphers and any others <100 bits.
(100 bit line is arbitrary; could be 112 if preferred)


Dave
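
Item 1 of the summary above (initial ClientHello record layer version { 3, 1 }, every other record matching the negotiated version) can be checked mechanically over one peer's captured records. The following Python is an added example, not part of the original message or of PR#107; the function names and sample byte strings are constructed for illustration, and it checks the rule as summarized in this message.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1       # record content type, handshake msg type
INITIAL_RECORD_VERSION = (3, 1)       # TLS 1.0, as fixed by item 1


def record(ctype, version, payload):
    """Build one TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BBBH", ctype, *version, len(payload)) + payload


def parse_records(stream):
    """Yield (content_type, (major, minor), payload) for each record."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        yield ctype, (major, minor), payload
        offset += 5 + length


def check_record_versions(stream, negotiated):
    """Return [(record_index, problem)] for one peer's records; [] if compliant."""
    problems = []
    for i, (ctype, version, payload) in enumerate(parse_records(stream)):
        if i == 0:
            if ctype != HANDSHAKE or payload[:1] != bytes([CLIENT_HELLO]):
                problems.append((i, "first record is not a ClientHello"))
            elif version != INITIAL_RECORD_VERSION:
                problems.append((i, f"ClientHello record version {version}"))
        elif version != negotiated:
            problems.append((i, f"record version {version} != negotiated"))
    return problems


# Constructed sample: a stub ClientHello (handshake header plus client_version
# only) followed by one application-data record, after negotiating TLS 1.2.
HELLO_BODY = b"\x01\x00\x00\x02\x03\x03"
GOOD = record(HANDSHAKE, (3, 1), HELLO_BODY) + record(23, (3, 3), b"data")
BAD = record(HANDSHAKE, (3, 3), HELLO_BODY) + record(23, (3, 1), b"data")

if __name__ == "__main__":
    print(check_record_versions(GOOD, (3, 3)))
    print(check_record_versions(BAD, (3, 3)))
```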