Re: [TLS] Deprecating SSLv3

Yoav Nir <ynir.ietf@gmail.com> Mon, 24 November 2014 22:29 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 808E21A86E6 for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 14:29:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7vRHSyvPxZVU for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 14:29:45 -0800 (PST)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 864FB1A7D80 for <tls@ietf.org>; Mon, 24 Nov 2014 14:29:45 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id l15so7268575wiw.14 for <tls@ietf.org>; Mon, 24 Nov 2014 14:29:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LEz/pacdl9w1u3DA25uT6Dp7mZJYn0X7DWk7kdJaLe0=; b=THwyhFeEVGlrR3OJJk75FsxGpmyDp0cz0UE+og+EwMLiTlRv2Dxgv7wkLnP4k6xOqU 8MSUVbyzQh+222uds48K06JU6YgY7NR5AMLMuEhMwgEogLqm3UabfrW5BqgyVWrlJLeN Z0hauYTGoeSQqQPSNZF3Qaz05cFZr69XRJt373yulzkJ+2i6v4LSpn8+IRsZVoEN7ww1 yVoL6YCmmabkGJS5mV+qswxQ/ME1Jl2eP0z2KU+6MOL7DIHkUss9MhF3nfwK090+Fgcn XuzYCWwdaAv8FMM3kZpgeMwpQEGriBYxEHsvRGeT4BoDf/V4bRy0tq3Mr6L7UPK0rXpI Md7g==
X-Received: by 10.194.77.233 with SMTP id v9mr37714715wjw.24.1416868184303; Mon, 24 Nov 2014 14:29:44 -0800 (PST)
Received: from [192.168.1.104] (IGLD-84-228-139-23.inter.net.il. [84.228.139.23]) by mx.google.com with ESMTPSA id hs1sm13900082wib.1.2014.11.24.14.29.43 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 24 Nov 2014 14:29:43 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20141124213052.GR3200@localhost>
Date: Tue, 25 Nov 2014 00:29:41 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <88D3820D-E509-40E0-AF12-E8B82A9708B3@gmail.com>
References: <1572947.5ky0fL2FGE@pintsize.usersys.redhat.com> <20141124182953.9C8251B004@ld9781.wdf.sap.corp> <CACsn0ck6t6DKbxcRga-TFQEj5ADe7zw3pKu9z33L2hS2B6LzyQ@mail.gmail.com> <20141124213052.GR3200@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.1993)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/JT8ak64-MM6YhFH7kG-GYD6R-i4
Cc: tls@ietf.org
Subject: Re: [TLS] Deprecating SSLv3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 22:29:47 -0000

> On Nov 24, 2014, at 11:30 PM, Nico Williams <nico@cryptonector.com> wrote:
> ]
> To be fair to Martin R., I suspect he's not objecting to this, so much
> as to the use of bearer tokens in the first place, 

I don’t know about Martin, but the thing that bothers me most about cookies is not that they’re bearer tokens or that they’re a lucrative target for attacks, but the fact that they can freely be used by attackers.

CRIME, BEAST, POODLE, they all depend on my browser going to http://www.attacker.com, and then a script loaded from that site running on the browser, sending requests to Facebook and google and the like with *my* cookies. For some reason these requests are treated as if they come from *me* rather than the attacker. They call it CSRF, but it’s not really forgery. It’s just the way the web is built.

If I had to choose between “new cookie” that is not a bearer token but is somehow bound to session or origin and a “new cookie” that is scoped so that only scripts loaded from *.google.com can use my google.com cookie while other scripts send unauthenticated requests, I’d choose the scoping.

Yoav