IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Thu, 16 October 2014 16:07 UTC

Return-Path: <SRS0=Aa5u=7H=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21FB31A3BA5 for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 09:07:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EPcFUWyhdYpa for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 09:07:11 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9589F1A1C05 for <tls@ietf.org>; Thu, 16 Oct 2014 09:07:10 -0700 (PDT)
Received: from mail-yh0-f44.google.com (mail-yh0-f44.google.com [209.85.213.44]) by mrelayeu.kundenserver.de (node=mreue105) with ESMTP (Nemesis) id 0Ls9Wx-1YIQ3n0zjL-013sqP; Thu, 16 Oct 2014 18:07:08 +0200
Received: by mail-yh0-f44.google.com with SMTP id i57so2115620yha.31 for <tls@ietf.org>; Thu, 16 Oct 2014 09:07:04 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.191.230 with SMTP id g66mr1879263yhn.27.1413475624121; Thu, 16 Oct 2014 09:07:04 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Thu, 16 Oct 2014 09:07:04 -0700 (PDT)
In-Reply-To: <543FDC48.1060908@redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <CABkgnnUxeouqDNhYFGDC2xqUaT8r7zFvAT5U1OUGJwHwCOuOwA@mail.gmail.com> <543FDC48.1060908@redhat.com>
Date: Thu, 16 Oct 2014 18:07:04 +0200
Message-ID: <CADMpkcKXabRnVA4zsUVSKfohwhEsud7-UbDzPTu4GhC9-D_QEA@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="20cf305b1082797c2a05058c70d4"
X-Provags-ID: V02:K0:e1P7ECdGgwXbzuPkWvzeIF4DZoDi6LcLmHuhdW/osL6 i8ODXhIpYMEy+xuLKQyrkXYQpGUuZn2WLfWSTSxVkEVEZvDyF+ lpEIsdltU/MOIV48+Wv2btFg+e6J/INX23iTfkaZGBBNvqisD8 xJcxB8hapMP4vMWl4d9qlSJ7rx2GrhmMfKGobczBkfSck8i6Vo E8OLC5JRXmVrNvvdSe2H9lSdeSK46BRc3k55XKOmmU30g+Bpyc EREVE04m5RDfyv8r8kIVpg6okiDbZAxB4DG++Go48Ns7QOuNpk +DpoHutIEDU6nh872SNR1VZ7RgLwPpQ6ZxM/ZcHTawst7HzV6w 26tjihFVPeBto21rAQkue2vV8AIDjHr34z0Me4JV/fq1s0qRfd uK+9qS7NF65XzMyuAvxECpbpQr169teXi4BZveFuW2oKkdm9xw oPrvS
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/H4k-d9QC_W6UI3SVedMCVhRhq7I
Cc: Florian Weimer <fweimer@redhat.com>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 16:07:12 -0000

Florian Weimer <fweimer@redhat.com>:

One interoperability issue I encountered is that I initially sent a
> protocol version in the inappropriate_fallback alert that the OpenSSL
> client could not process because the protocol version had not been
> negotiated at this stage.  (This issue was also present in the code for the
> renegotiation SCSV.)  This is an ambiguity in the original TLS
> specification, I think, but perhaps the draft should say that you SHOULD
> send back the version used by the client.


Thanks for the comment. Is this different from other fatal alerts that the
server might be sending in direct response to the ClientHello -- such as
handshake_failure, or even protocol_version?

Maybe it wouldn't hurt to explicitly say that if the client's version is
supported by the server but rejected due to the SCSV, that's the version to
use for the alert. But then record-layer version numbers are already a
muddy issue as is; I wouldn't want to specify side aspects of behavior that
may be incompatible, or utterly confusing if read in conjunction, with the
guidance on record-layer version numbers provided by the TLS specifications.

Bodo

v2.23.0 | Report a Bug | By Email