Re: [TLS] Updated draft

[Martin Rex <mrex@sap.com>]

Marsh Ray wrote:
> 
> Robert Dugal wrote:
> > Oops, you're right. I misstated what I'd like the draft to allow. 
> > What I'd like is the option to always send the SCSV in the
> > ClientHello and on renegotiation requests send the SCSV + RI
> > extension in the ClientHello.
> 
> That certainly sounds like a reasonably minor change to make.

Full agreement.

> 
> I don't recall seeing anyone propose wording changes that would allow
> such behavior,

I can help you solve that problem:

   http://www.imc.org/ietf-tls/mail-archive/msg11082.html
   http://www.ietf.org/mail-archive/web/tls/current/msg05305.html


I know how you feel, I'm having analogus problem with my memory,
I can not remember anyone making a technical argument for this particular
MUST NOT here.  I already asked Pasi:

   http://www.ietf.org/mail-archive/web/tls/current/msg05401.html

but he doesn't seem to recall anything either.


> 
> Currently, the SCSV achieves its primary objective with a very simple
> definition. It has "exactly the same semantics as an empty
> 'renegotiation_info' extension".

That seems to be a fairly simple copy&paste error, and can easily
be fixed by simple wordsmithing.

It is fairly common that an initially beautiful wording turns
out to add unnecessary implementation complexity when the first
implementors get at the code.

That usually isn't a problem, since the IETF favours running code
over wording in the spec.  Implementors feedback is extremely
valuable.


> 
> Personally, I'd prefer that we don't propose (and re-propose) design
> features at this point.

We're discussing a simple implementation detail, it does not touch
the design of the underlying architecture.


> 
> If anyone sees a security flaw or attack against a correct
> implementation of draft-ietf-tls-renegotiation-02, please please speak up.

If anyone sees a security flaw or technical problem with dropping
this MUST NOT, then please speak up.


-Martin