Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 26 September 2014 17:44 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Fri, 26 Sep 2014 17:44:51 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/H5toempuu7uIqg9u0Hf8E9tx5e0

This I-D currently forces clients to do sequential fallbacks, without skipping versions: TLS1.3->TLS1.2->TLS1.1->TLS1.0 will work, but e.g. TLS1.3->TLS1.2->TLS1.0 won't. Clients may want to skip protocol versions in the fallback sequence to reduce latency. Clients may also need to disable arbitrary protocol versions for security reasons.

I see two ways to fix this in the draft:
1. Use a TLS extension instead of an SCSV. In the extension, the client could indicate the previously attempted protocol version. The problem with this is that SSL3 ClientHellos are not supposed to have extensions, but we'd like to secure fallbacks to SSL3.
2. Use one SCSV value per TLS & SSL protocol version. The client includes the SCSV indicating the previously attempted protocol version. The drawback here is that this creates multiple SCSVs :).

If this problem is not solved, then clients will have no choice but to avoid sending the SCSV when skipping protocol versions, e.g.: TLS1.3(no SCSV)->TLS1.2(with SCSV)->TLS1.0(no SCSV). Which (at least partially) defeats the purpose of the I-D.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Joseph Salowey (jsalowey)
Sent: Thursday, September 25, 2014 9:00 PM
To: <tls@ietf.org>
Subject: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

This is an announcement for the working group last call for draft-ietf-tls-downgrade-scsv-00.  Please review the document and send your comments to the list by Friday, October 17, 2014.  

Thanks,
J&S
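
Added example, not part of the message or of the draft: a small model of the fallback sequences discussed above, run against the server-side SCSV check as later published in RFC 7507 (refuse with inappropriate_fallback when the SCSV is present and the server's highest version exceeds client_version). The version numbering for TLS 1.3, the `fails_above` parameter and all function and sequence names are assumptions made for the illustration.

```python
from enum import IntEnum

class V(IntEnum):
    """Protocol versions, ordered. TLS13 as 'next after 1.2' is an assumption."""
    SSL3 = 0
    TLS10 = 1
    TLS11 = 2
    TLS12 = 3
    TLS13 = 4

INAPPROPRIATE_FALLBACK = "inappropriate_fallback"  # fatal alert name (RFC 7507)

def server_response(client_version, has_scsv, server_max):
    """Server check: refuse a fallback hello when the server could do better."""
    if has_scsv and server_max > client_version:
        return INAPPROPRIATE_FALLBACK
    return min(client_version, server_max)  # normal version negotiation

def run_fallback(attempts, server_max, fails_above):
    """attempts: [(version, has_scsv), ...] in the order the client tries them.
    Hellos above `fails_above` never complete (version-intolerant peer or
    on-path interference). Returns the negotiated version, the alert name,
    or None when no attempt reached the server."""
    for version, has_scsv in attempts:
        if version > fails_above:
            continue  # handshake failed, client retries lower
        return server_response(version, has_scsv, server_max)
    return None

def with_scsv(versions):
    """Mark every attempt below the client's highest version with the SCSV."""
    top = max(versions)
    return [(v, v < top) for v in versions]

# Constructed fallback sequences, named after the cases in the message.
SEQUENTIAL = with_scsv([V.TLS13, V.TLS12, V.TLS11, V.TLS10])
SKIPPING = with_scsv([V.TLS13, V.TLS12, V.TLS10])
WORKAROUND = [(V.TLS13, False), (V.TLS12, True), (V.TLS10, False)]

if __name__ == "__main__":
    # Server tops out at TLS 1.1 and cannot complete newer hellos.
    for name, seq in [("sequential", SEQUENTIAL), ("skipping", SKIPPING),
                      ("workaround", WORKAROUND)]:
        print(name, run_fallback(seq, V.TLS11, V.TLS11))
    # Server supports TLS 1.2, but hellos above TLS 1.0 are being disrupted.
    print("workaround", run_fallback(WORKAROUND, V.TLS12, V.TLS10))
    print("skipping", run_fallback(SKIPPING, V.TLS12, V.TLS10))
```

Against a server whose highest version is TLS 1.1, the sequential client lands on TLS 1.1, the skipping client receives inappropriate_fallback at TLS 1.0, and the workaround lands on TLS 1.0. The last two lines show a TLS 1.2 server accepting the workaround's SCSV-less TLS 1.0 hello while refusing the same hello when it carries the SCSV.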