Re: [TLS] History of extensions

Nicolas Williams <Nicolas.Williams@sun.com> Sat, 14 November 2009 09:32 UTC

Return-Path: <Nicolas.Williams@sun.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 36E1B3A6930 for <tls@core3.amsl.com>; Sat, 14 Nov 2009 01:32:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.021
X-Spam-Level:
X-Spam-Status: No, score=-6.021 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qdLsG2oS8IKr for <tls@core3.amsl.com>; Sat, 14 Nov 2009 01:32:40 -0800 (PST)
Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by core3.amsl.com (Postfix) with ESMTP id 597673A681E for <tls@ietf.org>; Sat, 14 Nov 2009 01:32:40 -0800 (PST)
Received: from dm-central-01.central.sun.com ([129.147.62.4]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id nAE9X9aq004930 for <tls@ietf.org>; Sat, 14 Nov 2009 09:33:09 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by dm-central-01.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL, v2.2) with ESMTP id nAE9PexU056888 for <tls@ietf.org>; Sat, 14 Nov 2009 02:25:40 -0700 (MST)
Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id nAE9E53l020134; Sat, 14 Nov 2009 03:14:05 -0600 (CST)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id nAE9E5lK020133; Sat, 14 Nov 2009 03:14:05 -0600 (CST)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f
Date: Sat, 14 Nov 2009 03:14:05 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Eric Rescorla <ekr@networkresonance.com>
Message-ID: <20091114091405.GK1105@Sun.COM>
References: <20091112181844.GE1105@Sun.COM> <200911122036.nACKa96m016227@fs4113.wdf.sap.corp> <20091112203847.GL1105@Sun.COM> <20091113082235.C55F469F381@kilo.networkresonance.com> <20091113164608.GT1105@Sun.COM> <20091113230816.753DB69F515@kilo.networkresonance.com> <20091114082813.GD1105@Sun.COM> <20091114090519.8154569F5C3@kilo.networkresonance.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20091114090519.8154569F5C3@kilo.networkresonance.com>
User-Agent: Mutt/1.5.7i
Cc: tls@ietf.org
Subject: Re: [TLS] History of extensions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Nov 2009 09:32:41 -0000

On Sat, Nov 14, 2009 at 11:05:18AM +0200, Eric Rescorla wrote:
> At Sat, 14 Nov 2009 02:28:13 -0600,
> Nicolas Williams wrote:
> > 
> > On Sat, Nov 14, 2009 at 01:08:16AM +0200, Eric Rescorla wrote:
> > > At Fri, 13 Nov 2009 10:46:09 -0600,
> > > Nicolas Williams wrote:
> > > > The post with message-ID <20091113005419.GQ1105@Sun.COM>, subject
> > > > "Comments on draft-rescorla-tls-renegotiate", sent at 18:54:19 -0600
> > > > yesterday most certainly described no Hello extensions, only a Finished
> > > > message verify_data computation change.
> > > 
> > > Yes, and it doesn't allow you to probe in a compatible way.
> > 
> > No, that's not correct.  On initial connection there's no need to do
> > anything special (sure, it's nice to know that your peer doesn't have
> > this vuln, but you don't have to).
> 
> Well, I don't know what "have to" means. Some clients may have
> the policy of not connecting to servers that aren't upgraded.
> The existing proposal allows that. Yours does not.

Indeed, though I'm not too concerned by that.  For me that is a
trade-off to make w.r.t. complications raised by using extensions in the
first place (bear with me, please).

IIUC the arguments about SSLv3, there's an installed base of SSLv3 and
TLS 1.0-with-bugs that is more likely to get patched to fix this and
only this than to get upgraded t TLS 1.1+ or to have all their bugs
patched.  I'm not sure that that's true.  IF it is true, then we have to
consider the possibility of designing the fix so that it's easier to
patch those.

In any case, I think it's more important to behave correctly than to
also signal that intend to -- the former is required, the latter is a
bonus.

Nico
--