IETF Logo Mail Archive

Re: [TLS] Comments on TLS identity protection

Eric Rescorla <ekr@networkresonance.com> Wed, 20 December 2006 00:46 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwpbF-00089U-16; Tue, 19 Dec 2006 19:46:25 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwpbD-00089F-OQ for tls@ietf.org; Tue, 19 Dec 2006 19:46:23 -0500
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwpbC-0001Io-DY for tls@ietf.org; Tue, 19 Dec 2006 19:46:23 -0500
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 5D46C1E8C5D; Tue, 19 Dec 2006 16:46:21 -0800 (PST)
To: Peter Williams <home_pw@msn.com>
Subject: Re: [TLS] Comments on TLS identity protection
References: <BAY103-W5869507984F7F64B2DE4292CF0@phx.gbl>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 19 Dec 2006 16:46:21 -0800
In-Reply-To: <BAY103-W5869507984F7F64B2DE4292CF0@phx.gbl> (Peter Williams's message of "Tue, 19 Dec 2006 16:34:12 -0800")
Message-ID: <86mz5jo0ma.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Peter Williams <home_pw@msn.com> writes:
> Id say the nth handshake can select to send "no server cert" whenever its 
> cooperating to complete an anonymous-ciphersuite-targeted handshake.
> So, assume there are only two ciphers suite values in the HSM : RSA, RSA-ANON. 

There is no such thing as RSA anon in SSLv3 or TLS. 


> Now, I'm delighted to be corrected on this, in theory or  actual practice in 
> commodity internet products. TLS's 1.0 "minor" changes to  SSLv3 are still 
> new to me. I never bothered to read the TLS 1.0 
> document carefully enough before, thus failing to recognize the notions 
> of anon-ciphersuites, export-controlled key agreement , and its new fatal 
> exception modes.

Huh? Nearly all of this stuff was in SSLv3--I don't know what "new
fatal exception modes" are but fatal exceptions were totall in
SLv3.

> Im going to read TLS 1.1 much more carefully tomorrow. Ill try
> to backtrack any new control policy developments through TLS1.0
> and back to SSL3. Im half hoping IETF already dumped RSA_EXPORT
> as arcane, or at least increased the key length after 6 years!

TLS 1.1 forbids negotiating the RSA_EXPORT cipher suites. See
A.5 of RFC 4346:

   When SSLv3 and TLS 1.0 were designed, the United States restricted
   the export of cryptographic software containing certain strong
   encryption algorithms.  A series of cipher suites were designed to
   operate at reduced key lengths in order to comply with those
   regulations.  Due to advances in computer performance, these
   algorithms are now unacceptably weak, and export restrictions have
   since been loosened.  TLS 1.1 implementations MUST NOT negotiate
   these cipher suites in TLS 1.1 mode.  However, for backward
   compatibility they may be offered in the ClientHello for use with TLS

   <page break>

   1.0 or SSLv3-only servers.  TLS 1.1 clients MUST check that the
   server did not choose one of these cipher suites during the
   handshake.  These ciphersuites are listed below for informational
   purposes and to reserve the numbers.

-Ekr

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email