IETF Logo Mail Archive

Re: [TLS] PR for anti-downgrade mechanism

Martin Thomson <martin.thomson@gmail.com> Fri, 16 October 2015 22:12 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3A31B3454 for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 15:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Em9zd4DXSSJa for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 15:12:20 -0700 (PDT)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD3571B3452 for <tls@ietf.org>; Fri, 16 Oct 2015 15:12:19 -0700 (PDT)
Received: by yknn9 with SMTP id n9so46995531ykn.0 for <tls@ietf.org>; Fri, 16 Oct 2015 15:12:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HB6OeOyzN8OhVbRZ9ZYYEo+lsJLNqJ09uyA8CyDVp0U=; b=O3htyF2g8LJtF4OB3rZHeV1EfDlIrTSteV8ukaQeNrGBLMi/8wSP9MIKQY2wF8x8Eu l14a8wFS+zKdqL5d5Xb/HikkF9V99h2yLx0jNoK7CML7wCMm9UOehiujipMIuIgYWQ6D QRuNU3ezxbuqGPGYJPSGJJQtOz+AsmVqTFN3k+/M59DwwZKNLCaf70bxZhQFRPF+f8fW mroDdG5h6JGJIwvrfOARbZ6ppflXra3O4eZY2WfHAIMW9soRWJy3dp6iZi4sS9AjVuFn QUNxcoPNPF1OVM0L6rtXKXii/rti0Za8Vli1QcKQzaeTIdmhdfphuLjj+cKRM3kJ/NX/ yxzw==
MIME-Version: 1.0
X-Received: by 10.129.80.5 with SMTP id e5mr4429476ywb.105.1445033539086; Fri, 16 Oct 2015 15:12:19 -0700 (PDT)
Received: by 10.13.230.78 with HTTP; Fri, 16 Oct 2015 15:12:18 -0700 (PDT)
In-Reply-To: <CAFewVt6kPzMfjKb5deATw4funEa_=Z9G5U-6_QeX1f34abS55g@mail.gmail.com>
References: <CABcZeBOB9mnQ8bLOCSysnx9LMv0hxrPCA21jTnxAMb3Yom_Aow@mail.gmail.com> <CAFewVt6yin3NhkcLuJfXVy7RKuyPY+7+P4h1fKAyVtAZdpjBfQ@mail.gmail.com> <D22E3AD8-19A1-4CAF-987B-349CE6961284@gmail.com> <CAFewVt484VFa+bUPc41BXVhoYqx1qJdWR4z7c_xjx=Ff_6QZQw@mail.gmail.com> <CABkgnnVEUuWEEpqjRWm9=D7OkDuxvJj7pmX=8RMCU6T_qah5mw@mail.gmail.com> <CAFewVt6kPzMfjKb5deATw4funEa_=Z9G5U-6_QeX1f34abS55g@mail.gmail.com>
Date: Fri, 16 Oct 2015 15:12:18 -0700
Message-ID: <CABkgnnW1V6SbbFfjKekCTmWNK6gP1uH2rH4POSkwmycQwtPkoA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LdJCeLALcyEG8WevXIawr4nSApU>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] PR for anti-downgrade mechanism
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 22:12:23 -0000

On 16 October 2015 at 13:39, Brian Smith <brian@briansmith.org> wrote:
> That would be especially true for an implementation that does False Start
> for TLS 1.2.

I don't see how false start plays into this.  We could have clients
reject false start if they see this sentinel value.  But don't we want
to just treat this as an attack and abort instead?

v2.23.0 | Report a Bug | By Email