Re: [TLS] Cipher suite values to indicate TLS capability
Adam Langley <agl@google.com> Fri, 08 June 2012 15:18 UTC
Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C4C221F894E for <tls@ietfa.amsl.com>; Fri, 8 Jun 2012 08:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YkYAwgT5yWMr for <tls@ietfa.amsl.com>; Fri, 8 Jun 2012 08:18:09 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id B63A721F8955 for <tls@ietf.org>; Fri, 8 Jun 2012 08:18:09 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so1552580ghb.31 for <tls@ietf.org>; Fri, 08 Jun 2012 08:18:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record; bh=+b7VcuOhmrjACHHg1Q4c0viIIHGWkcmi8bMRAooi9KY=; b=PA8kuEndEVixTwc5OK1rvLiiy3b2IvEOj/Pe5J/v+/GRXyz36TLhRwZPjQXarlX+PQ /TavtfS2YdOhkDayckwAxhYZrk9ztlXxMK3GpWjGBsta+E8cHgHo4yCEKpAr4qoZaZf4 Qb+pA+j/65mcXe9bIFwUiZfCM0jP5ugwNWi3DvtmnUKoEwrH2fbOjAN6Otr1M/mFicIs MimUPRmICiqfVtjZrnlfR1kr2eoFiFEePhlW/KIEY1QJ5ZHrK2QRgZlAkCbQbjNfcABH 38u3eY9eh6kFF/XcpIX4+ZEoIgJmIlEpnvQdPzcZ9ktoxQfnO8QdseicZxIRtitU4yit MI/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=+b7VcuOhmrjACHHg1Q4c0viIIHGWkcmi8bMRAooi9KY=; b=gRrRpMgJbxSxkM7FJe+jsHYeF5lOUrerBtTZqR967O0EpB7c+la12YovJPbcJKJdmp 8v9zpM4dAmI3SYXRd0+g9Te41G4oTHhr9DvgZ6xez6UUQ6wa0KnkC3hv0hTc/u3U2tPN rIce92j0e63JvY2VBjAEQqfVsW3LnoXqSimU2m63oxkZVlUfPGQE929NXZUpi6YojqVF +J7b9tYHkXOvgNFu/TxP2UCWpA4RSqhqeKJfseyTJwGYy7lsmDe19u24eagXjUIPRs3N 0PgouZ6/XQFwJIyOMRYFs8vr9420Qx0dOqtyrJe7CjmZ1Yct4hVrKrATcemhr9HEs1po oc8w==
Received: by 10.50.179.101 with SMTP id df5mr3071221igc.22.1339168689019; Fri, 08 Jun 2012 08:18:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.50.179.101 with SMTP id df5mr3071211igc.22.1339168688876; Fri, 08 Jun 2012 08:18:08 -0700 (PDT)
Received: by 10.231.5.201 with HTTP; Fri, 8 Jun 2012 08:18:08 -0700 (PDT)
In-Reply-To: <4FD1AB25.7070101@gnutls.org>
References: <CAL9PXLwdQctUub5oPx0tepsfveDo0bNKGBUaUBBFeq4u4D0BbA@mail.gmail.com> <CADKevbAnT7AVn_cN+7WcBLfK8G4vkKns3GqQP1QQQ__96SD_6A@mail.gmail.com> <002AA72F-D47E-4C7C-930C-D78A0E48D059@checkpoint.com> <CADKevbBxUGwRtLs=u-pmOHtQ9HP4ERvxpvKJE4BOecLrm8it2g@mail.gmail.com> <CA+cU71nuGwgTc-dHkM_RrVUFZnOOoGkLeq-A2cQoYaobJFQ1zw@mail.gmail.com> <4FD1AB25.7070101@gnutls.org>
Date: Fri, 08 Jun 2012 11:18:08 -0400
Message-ID: <CAL9PXLynKsz+3x9BGOKgN1HdULGFckB3Z1wkRXSzca-C_yzoZA@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Content-Type: text/plain; charset="UTF-8"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQkPex/K1dpljIS5uzMCwhzHO/WfM1KakUKaZeoPCd5cA8LWANLj6IkUcOMaNISPtb7T3seGMXB8htewC/jEOEkLHuHWHIlWHix813LYwBSPOrbJbgNco5hBZdJdFsYb1IdK1Uxi
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Cipher suite values to indicate TLS capability
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 15:18:10 -0000
On Fri, Jun 8, 2012 at 3:35 AM, Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote: > If you want to only prevent against the attacker that wants to rollback > the session to SSL 3.0, then all you need to do is to perform the proper > TLS protocol negotiation, which protects against that. If it doesn't > work warn the user. Yes, the aim is to prevent an attacker performing a downgrade attack to SSLv3. Warning the user assumes that the user can understand what we're trying to tell them which is not true here. > What happens if we have a buggy server that incorrectly implements the > fallback detection mechanism? We define another one? The SCSV for the renegotiation indication extension was deployed without any serious issues, which is strong evidence that we can viably deploy other SCSV values. > If the problem is incorrect implementations, then just fix the incorrect > implementations. If you cannot, then do not interoperate with them. If > all major browsers do that, the owners would fix it. It's not clear, from a global point of view, that the benefits of avoiding SSLv3 downgrades exceed the cost of updating all these servers. By definition these servers are unmaintained and probably very expensive to update. They're also quite numerous. Certainly, from a moral point of view, we should not be baring the costs of these server's bugs. By abandoning these buggy devices on the network, vendors (which presumably turned a profit by doing so) are imposing externalities on the world. It's basically a form of pollution. I understand and share an anger towards these practices but, none the less, we find ourselves with these barrels of toxic waste lying around and have to deal with it. It's the cost of an open network and I'd still choose it over a closed network. Cheers AGL
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- [TLS] Cipher suite values to indicate TLS capabil… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Chris Richardson
- Re: [TLS] Cipher suite values to indicate TLS cap… Wan-Teh Chang
- Re: [TLS] Cipher suite values to indicate TLS cap… Yoav Nir
- Re: [TLS] Cipher suite values to indicate TLS cap… Yoav Nir
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Geoffrey Keating
- Re: [TLS] Cipher suite values to indicate TLS cap… Chris Richardson
- Re: [TLS] Cipher suite values to indicate TLS cap… Tom Ritter
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Nikos Mavrogiannopoulos
- Re: [TLS] Cipher suite values to indicate TLS cap… Adam Langley
- Re: [TLS] Cipher suite values to indicate TLS cap… Martin Rex