IETF Logo Mail Archive

Re: [TLS] TLSrenego - possibilities, suggestion for SSLv3

Martin Rex <mrex@sap.com> Wed, 11 November 2009 20:14 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1E3993A6830 for <tls@core3.amsl.com>; Wed, 11 Nov 2009 12:14:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.154
X-Spam-Level:
X-Spam-Status: No, score=-6.154 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUii+VscM-+9 for <tls@core3.amsl.com>; Wed, 11 Nov 2009 12:14:42 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id A8A233A6806 for <tls@ietf.org>; Wed, 11 Nov 2009 12:14:41 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nABKF7k6025238 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Nov 2009 21:15:07 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200911112015.nABKF68b018491@fs4113.wdf.sap.corp>
To: marsh@extendedsubset.com
Date: Wed, 11 Nov 2009 21:15:06 +0100
In-Reply-To: <4AFB154A.9030106@extendedsubset.com> from "Marsh Ray" at Nov 11, 9 01:49:30 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] TLSrenego - possibilities, suggestion for SSLv3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2009 20:14:43 -0000

Marsh Ray wrote:
> 
> Yair Elharrar wrote:
> > Martin Rex wrote:
> > 
> > It would probably be better if the entire 32-bit gmt_unix_time was
> > set to one of two predefined magic values:
> 
> Do you know that nothing cares about the actual time encoded?
> 
> Why burn 32 bits of entropy to represent one bit?

Yair's suggestion is actually 3 states (~1.5 bits)
   initial, renegotiation, unknown

but other than that, it also seems like waste to me to re-purpose
the _entire_ 32-bits.

> 
> > one indicating an initial
> > connection ('INIT'), the other indicating a renegotiation ('RNEG'). A
> > client receiving 'RNEG' on an initial handshake would know the
> > session is under attack. A client receiving 'INIT' on an initial
> > handshake would know the session is safe. Any other value would
> > indicate the server is running an insecure implementation.
> 
> The problem still exists between sessions (2,3) (3,4) and so on.

New clients should not renegotiate with servers that lack the
secure renegotiation extension.  There is no problem with clients
participating an initial handshake with these, provided that they
can distinguish initial from renegotiation handshakes performed
by the server.


-Martin

v2.23.0 | Report a Bug | By Email