IETF Logo Mail Archive

Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis

Stephen Checkoway <s@pahtak.org> Thu, 27 November 2014 22:41 UTC

Return-Path: <s@pahtak.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73A0F1A0130 for <tls@ietfa.amsl.com>; Thu, 27 Nov 2014 14:41:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oQFs2H26Xo7y for <tls@ietfa.amsl.com>; Thu, 27 Nov 2014 14:41:18 -0800 (PST)
Received: from mail-qg0-f47.google.com (mail-qg0-f47.google.com [209.85.192.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D606F1A00D8 for <tls@ietf.org>; Thu, 27 Nov 2014 14:41:17 -0800 (PST)
Received: by mail-qg0-f47.google.com with SMTP id z60so4047341qgd.6 for <tls@ietf.org>; Thu, 27 Nov 2014 14:41:17 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=5bgRm9B2w333OmgJOTlcuZXeN/+TkDUml4b8kkbains=; b=I2HjMk4lCbL8sTajwanj6fkw0I04NLw/+JoJEAfZrbtfb7AVzdJwFNJRp4lZNbNCP1 TVHdRYvW3xGqWrASgarJiN4z1aWAConEQJlzAl9oIvF6m6RLNpFaKauLKh21JaQLBBmN CiGitg7hoZA3CugTRYkiawi6gWy5+ZAiScpFuUXpGi2zMhStHW+7KlBIcaSBBIvPSjLI FT5K/HuGKGzM63qm0F6vFeQoeZj9Ee38j6fFv2oReqQy9i/SGpwu0AAG0XFgoohAMuvd 6b52Bh+d4uvHXgccVrOhIv2R/LwtRqh3FIZwaR2V06y9eHga2MCSfRnnXArzXXWNXkmX s+/g==
X-Gm-Message-State: ALoCoQl+Edma7W4bJO9ubJiBfi+72q/tuCabZLW2snZw9bGYjbu0rQSIGKsMhxX2fqUGpkn8im9+
X-Received: by 10.140.51.99 with SMTP id t90mr56714316qga.72.1417128077056; Thu, 27 Nov 2014 14:41:17 -0800 (PST)
Received: from zbox.pahtak.org ([68.48.196.126]) by mx.google.com with ESMTPSA id k4sm7733816qaf.0.2014.11.27.14.41.15 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Nov 2014 14:41:16 -0800 (PST)
Received: from [10.0.1.8] (ip-210-102.oberlin.net [208.66.210.102]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by zbox.pahtak.org (Postfix) with ESMTPSA id 46104AC2896; Thu, 27 Nov 2014 17:41:14 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Stephen Checkoway <s@pahtak.org>
In-Reply-To: <20141127220248.533AD1B01C@ld9781.wdf.sap.corp>
Date: Thu, 27 Nov 2014 17:41:12 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <83A4C4CC-55ED-4877-8E48-B79AB257BE2E@pahtak.org>
References: <20141127220248.533AD1B01C@ld9781.wdf.sap.corp>
To: mrex@sap.com
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/CY8jzA7miaC0TSLmZ95A7b12oXk
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Nov 2014 22:41:19 -0000

On Nov 27, 2014, at 5:02 PM, Martin Rex <mrex@sap.com> wrote:
> 
> This is actually perfectly reasonable behaviour of OpenSSL and a lot
> of other TLS implementations.

I agree it seems reasonable. It's good to know there wasn't something subtle I was missing.

>> Is my reading correct that this is disallowed by the draft?
>> If so, can you explain why that's the case?
> 
> 
> I assume that this might be cause by a serious and stupid defect in
> the TLSv1.0 and TLSv1.1 specifications that is obviously unreasonable and
> backwards-incompatible to SSLv3, and was only fixed in TLSv1.2 (rfc5246).
> 
> So any *new* document should advise implementors to remove any such
> erroneous and counterproductive "same algorithm checks" that might
> accidentally got implemented by an unexperienced implementor who didn't
> realize that this must be a defect in the spec and is backwards-incompatible
> to SSLv3.

It makes sense that a new document shouldn't mandate unnecessarily restrictive behavior.

SSLv3 compatibility isn't high on my list of concerns though. I know you disagree, but we should stop using SSLv3 for all of the reasons specified in draft-thomson-sslv3-diediedie.

-- 
Stephen Checkoway

v2.23.0 | Report a Bug | By Email