Re: [TLS] Next steps for draft-ietf-tls-renegotiation
Martin Rex <mrex@sap.com> Mon, 30 November 2009 18:47 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9BC6A3A6944 for <tls@core3.amsl.com>; Mon, 30 Nov 2009 10:47:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.188
X-Spam-Level:
X-Spam-Status: No, score=-6.188 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vym5Io-s75IN for <tls@core3.amsl.com>; Mon, 30 Nov 2009 10:47:49 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 804053A684C for <tls@ietf.org>; Mon, 30 Nov 2009 10:47:49 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nAUIlepd017396 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Nov 2009 19:47:40 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200911301847.nAUIldG5010270@fs4113.wdf.sap.corp>
To: Nicolas.Williams@sun.com
Date: Mon, 30 Nov 2009 19:47:39 +0100
In-Reply-To: <20091130170745.GH773@Sun.COM> from "Nicolas Williams" at Nov 30, 9 11:07:45 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Next steps for draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2009 18:47:50 -0000
Nicolas Williams wrote: > > On Fri, Nov 27, 2009 at 11:26:34PM +0100, Pasi.Eronen@nokia.com wrote: > > <wearing Area Director hat> > > > > I have asked the secretariat to start IETF Last Call for > > draft-rescorla-tls-renegotiation-01. > > > > I've gone through the list archives for the past month, and it seems a > > large majority of the WG members support the overall approach in this > > draft (with a small, but very vocal, minority preferring a totally > > extension-less approach to signalling). > > I don't think that's a fair nor complete characterization of the current > differences of opinion. A more complete and correct characterization > might be: > > - The RI proposal has a fail-unsafe requirement that peers check the > contents of the extensions sent. > > NOTE: A fix for this wouldn't require an extension-less signalling > solution. > > [IMO: This is serious objection that goes beyond protocol design > aesthetics or ease of retrofitting for SSLv3. I think we can > live without a fix for this problem, but I'd much rather have a > fail-safe solution.] What makes me feel somewhat uncomfortable is the situation when the client is doing an initial handshake and the server is doing a renegotiation handshake: The client will send an emtpy extension. The server should abort. But if the server is a little sloppy, and sends back an empty extension in ServerHello (matching the empty extension received in ClientHello), then the handshake will succeed. In that case, the renegotiation vulnerability will be still present, but this will not be obvious in the regular interop-testing and the client has no way to detect that the server is goofing his job. The problem is, that it is so extremely easy for the server to goof his job. If we add the verify_data to the renegotiation and something small but different to the initial handshakes between updated server and updated client, then it will be extremely difficult to get it wrong and still interoperate -- it will be _much_ easier to interoperate hand have it correct. -Martin
- [TLS] Next steps for draft-ietf-tls-renegotiation Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Bodo Moeller
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Steve Dispensa
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Ben Laurie
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- [TLS] draft-renego "even after previous handshake… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen