IETF Logo Mail Archive

Re: [TLS] Last Call: draft-ietf-tls-renegotiation - deployment in legacy environments

David-Sarah Hopwood <david-sarah@jacaranda.org> Sat, 05 December 2009 22:13 UTC

Return-Path: <djhopwood@googlemail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 604553A6960 for <tls@core3.amsl.com>; Sat, 5 Dec 2009 14:13:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.589
X-Spam-Level:
X-Spam-Status: No, score=-2.589 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2KevJwh+XC2z for <tls@core3.amsl.com>; Sat, 5 Dec 2009 14:13:43 -0800 (PST)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.24]) by core3.amsl.com (Postfix) with ESMTP id D393B3A695E for <tls@ietf.org>; Sat, 5 Dec 2009 14:13:42 -0800 (PST)
Received: by ey-out-2122.google.com with SMTP id 9so153615eyd.51 for <tls@ietf.org>; Sat, 05 Dec 2009 14:13:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=Eh+KdHdtsl1sesKjdcnVlxpzfl/DSQsUu2cprGngreU=; b=ls6lHKK04x63xCaTk+ebU+bCxFtjudh+q6fkWFnxWeVKvNJBG0imS4f60MvPbXWLJw po8lzS6VuqM2f5GxZeVoNR3n4M7zjF1z9r2JRJv8dch5VMBcest0sPwLAmGf0405Z6CK 3H4SxbQqb7XpfBmc4Wlh/3GPRpUJ8WpkQUuR4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=SWFYhc8SLU2xefLOHsI+IV+rgNoyoyzwbTT1r20BWWZ8FxiLvc66OZomGOMSJfz6B7 hXTySxeYWLNz7uNv8sXzV+so8VBBRWs3Dib4oIWjBo2VBwVXFuTP/srFQzRbomOoLhKN XgeqZGH/yd2NrONNlxxSkcjAjdTyb/R5sYjgs=
Received: by 10.213.97.22 with SMTP id j22mr4835257ebn.53.1260051208586; Sat, 05 Dec 2009 14:13:28 -0800 (PST)
Received: from ?192.168.0.2? (5adcc5d2.bb.sky.com [90.220.197.210]) by mx.google.com with ESMTPS id 13sm2596388ewy.13.2009.12.05.14.13.27 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 05 Dec 2009 14:13:27 -0800 (PST)
Sender: David-Sarah Hopwood <djhopwood@googlemail.com>
Message-ID: <4B1ADB0B.1050005@jacaranda.org>
Date: Sat, 05 Dec 2009 22:13:31 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: tls@ietf.org
References: <OF90FC2E3C.7572E1B8-ON4A257682.00757720-4A257682.0076A598@au1.ibm.com>
In-Reply-To: <OF90FC2E3C.7572E1B8-ON4A257682.00757720-4A257682.0076A598@au1.ibm.com>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------enigA7CC138DDCA75591B9991D98"
Subject: Re: [TLS] Last Call: draft-ietf-tls-renegotiation - deployment in legacy environments
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2009 22:13:45 -0000

Michael Gray wrote:
> Note : Clients that use either of the signaling methods MUST be prepared to
> accept a Server response containing the  "renegotiation_info" extension
> transmitted in a ServerHello message with the SSLv3 protocol version {
> 0x03, 0x00 } and MUST continue with protected renegotiations at this
> protocol level.

This is fine, although obvious.

> Additionally, I believe that adding extensions in the initial ClientHello
> could result in adverse customer events in some very small number of
> environments that are extensions intolerant [1].  The following additional
> note in Section 5 would be useful in providing guidance in mitigating this
> concern:
> 
> Note :  In cases where a ClientHello protocol behavior change from not
> sending extensions to sending extensions is a risk where legacy Servers may
> exist that are extension intolerant then the Client MAY mitigate this risk
> by sending the TLS cipher suite "TLS_RENEGO_PROTECTION_REQUEST" and SHOULD
> NOT send the "renegotiation_info" extension unless the Client is sending
> other extensions.

Strongly opposed. There is no justification for a SHOULD NOT-level statement
insisting that clients work around bugs in nonconformant servers. (Read the
RFC 2119 definition of SHOULD NOT; it clearly doesn't apply.)

Besides, it is incorrect to not send the RI extension in cases where it
would have contained verify_data.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

v2.23.0 | Report a Bug | By Email