Re: [TLS] 2nd WGLC: draft-ietf-tls-downgrade-scsv

Brian Smith <> Wed, 03 December 2014 23:37 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id CBA7F1A1B93 for <>; Wed, 3 Dec 2014 15:37:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id akhZVcaWPyxY for <>; Wed, 3 Dec 2014 15:37:08 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 38B221A1B80 for <>; Wed, 3 Dec 2014 15:37:08 -0800 (PST)
Received: by with SMTP id wp4so1927150obc.25 for <>; Wed, 03 Dec 2014 15:37:07 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=OshwyMc3G91hOnfXz9FQenPAR6Kfj1xa5MTNKXu+kOs=; b=b5v3IBq3iZlpIXeXmIkssPNMSSwCaLfIgrn3qvPFl3qAO0J0CZg16OIRIkPzdGH8xM 0GTh6rN+7yMy76uXSfYfoiGrLMBIpcKMsqvasXjv0XvXEkmLS8XjVv1ogBVhWUwAGBal lbllu6yhoE7FBfGuQG1SutFZXInJlQrftaqekipgC5HcR2C7M4JRneGo788kUaZ9zhmr DpcVsJTO3JLhyfVx2NVffF7KSUgCRzfHde1jmD/EgGZ5ZZhRlJ1zBmVipqUt6aHG7tkY PRpbWXWUtIMuTEnszMKV4blCxBMV/SBxzPluTXojGYHIlS5EhfacHbhDcmG5P/uGu6Qa PF2Q==
X-Gm-Message-State: ALoCoQm/KVDgm+OgDnc6GgFhToRiACPLZ077WMeXNNt3cRfDKQOhB+g8i2FnzMLzUw4vmHrjTtnU
MIME-Version: 1.0
X-Received: by with SMTP id w3mr4911059oes.6.1417649827766; Wed, 03 Dec 2014 15:37:07 -0800 (PST)
Received: by with HTTP; Wed, 3 Dec 2014 15:37:07 -0800 (PST)
In-Reply-To: <>
References: <>
Date: Wed, 03 Dec 2014 15:37:07 -0800
Message-ID: <>
From: Brian Smith <>
To: Sean Turner <>
Content-Type: text/plain; charset="UTF-8"
Cc: " (" <>
Subject: Re: [TLS] 2nd WGLC: draft-ietf-tls-downgrade-scsv
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Dec 2014 23:37:11 -0000

On Tue, Nov 25, 2014 at 8:46 PM, Sean Turner <> wrote:
> This message initiates the 2nd WGLC for draft-ietf-tls-downgrade-scsv-02.   Please review the document and send your comments to the list by Friday, December 12, 2014.

The current draft [1] says "(Since the cipher suite list in the
ClientHello is ordered by preference, with the client's favorite
choice first, signaling cipher suite values will generally appear
after all cipher suites that the client actually intends to

The text in the draft should be changed to read something like
"Clients SHOULD put the TLS_FALLBACK_SCSV after all cipher suites that
the client actually intends to negotiate."

Recently, it has been shown that it is problematic to put the
TLS_FALLBACK_SCSV cipher suite ahead of any real cipher suites in the
ClientHello, because doing so causes unintended handshake failures.

I don't know whether it matters whether the TLS_FALLBACK_SCSV appears
before or after the secure renegotiation SCSV (when the secure
renegotiation SCSV appears after all the cipher suites that the client
actually intends to negotiate).

Nit: The current draft says "Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions [...]." The "Section 4" in
that statement is a hyperlink to section 4 of the draft, but that is
clearly not what was intended.