Re: [TLS] Deployment ... Re: This working group has failed
mrex@sap.com (Martin Rex) Mon, 18 November 2013 19:25 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E6A41ADFB9 for <tls@ietfa.amsl.com>; Mon, 18 Nov 2013 11:25:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.652
X-Spam-Level:
X-Spam-Status: No, score=-4.652 tagged_above=-999 required=5 tests=[HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VTLKPcNQl-J3 for <tls@ietfa.amsl.com>; Mon, 18 Nov 2013 11:25:46 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 316191AE0BC for <tls@ietf.org>; Mon, 18 Nov 2013 11:25:46 -0800 (PST)
Received: from mail06.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id rAIJPWEM015597 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 18 Nov 2013 20:25:32 +0100 (MET)
In-Reply-To: <06a3c2e5ba2b451a80cd05b18e8f4f72@BL2PR03MB194.namprd03.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Date: Mon, 18 Nov 2013 20:25:32 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20131118192532.9CE531AAB0@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org list" <tls@ietf.org>
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2013 19:25:48 -0000
Andrei Popov wrote: > > Yes, the percentage if servers that can't handle TLS1.2 or gracefully > negotiate a lower protocol version is diminishing, but very slowly. Unfortunately, I've seen a new (government mandated) Web Service usage scenario deployed in 2013 where the hardware SSL/TLS accellerater that is being used is TLS version intolerant to TLSv1.1 and TLSv1.2. We really need to get rid of the dependency on ClientHello.client_version being { 0x03, 0x03 } to use protocol features that can be implemented with fairly little effort in TLSv1.0, thereby obviating the need for reconnect fallbacks in clients -- a "feature" that most programmatic TLS clients do not have, and that is susceptible to downgrade. > > From my perspective, enabling TLS1.2 by default is necessitated > primarily by security and performance considerations (e.g. a chance > to negotiate AES_GCM instead of RC4). The interoperability problems from sending ClientHello.client_version { 0x03,0x03 } are to serious and significant to ignore, and the kludges (reconnect fallbacks) are to cumbersome for most apps. The _correct_ approach would be to publish how to use GenericAEADCipher record layer PDU and AES-GCM / AES-CCM with **ANY** version of TLS and remove the braindead "must not send this ciphersuite with client_version less that TLSv1.2" from the AES-CCM and AES-GCM documents. rfc5746 deployed with significantly less interop problems than both TLSv1.1 (rfc4346) and TLSv1.2 (rfc5246). > > However, for web browsers, enabling TLS1.2 by default means one more > step in the sequence of (insecure) reconnect attempts with lower > protocol versions. Rather than bulding such kludges into Browsers, the implementers should have come to the TLS WG help working on changes to TLS that will make all desired TLS features work in a more backwards compatible fashion than through kicking "client_version" / "protocol_version" fields. -Martin
- [TLS] This working group has failed Watson Ladd
- [TLS] Deployment ... Re: This working group has f… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Taylor Hornby
- Re: [TLS] This working group has failed SM
- Re: [TLS] This working group has failed Ralph Holz
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Yoav Nir
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] This working group has failed Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Mark Nottingham
- Re: [TLS] Deployment ... Re: This working group h… Kyle Hamilton
- Re: [TLS] Deployment ... Re: This working group h… Juho Vähä-Herttua
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Andrei Popov
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Geoffrey Keating
- Re: [TLS] Deployment ... Re: This working group h… Michael Staubermann
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Joshua Davies
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Kirils Solovjovs
- Re: [TLS] Deployment ... Re: This working group h… Andy Wilson
- Re: [TLS] Deployment ... Re: This working group h… Marsh Ray
- Re: [TLS] Deployment ... Re: This working group h… Ralf Skyper Kaiser
- Re: [TLS] Deployment ... Re: This working group h… Ben Laurie
- [TLS] TLS protocol version intolerance [Was: Re: … Ivan Ristić
- Re: [TLS] Deployment ... Re: This working group h… Zooko Wilcox-OHearn
- Re: [TLS] TLS protocol version intolerance [Was: … Michael Sweet
- Re: [TLS] TLS protocol version intolerance [Was: … Eric Rescorla
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- [TLS] multiple clients in one process (was: Re: D… Patrick Pelletier
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski
- Re: [TLS] multiple clients in one process (was: R… Daniel Kahn Gillmor
- Re: [TLS] multiple clients in one process (was: R… Nico Williams
- Re: [TLS] multiple clients in one process (was: R… Nikos Mavrogiannopoulos
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski