IETF Logo Mail Archive

Re: [TLS] COMMENT: draft-ietf-tls-renegotiation

Nelson Bolyard <nelson@bolyard.me> Tue, 15 December 2009 23:16 UTC

Return-Path: <nelson@bolyard.me>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 76EAD3A67A1 for <tls@core3.amsl.com>; Tue, 15 Dec 2009 15:16:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqOvawOne9z4 for <tls@core3.amsl.com>; Tue, 15 Dec 2009 15:16:34 -0800 (PST)
Received: from smtpauth17.prod.mesa1.secureserver.net (smtpauth17.prod.mesa1.secureserver.net [64.202.165.29]) by core3.amsl.com (Postfix) with SMTP id 31C563A6405 for <tls@ietf.org>; Tue, 15 Dec 2009 15:16:33 -0800 (PST)
Received: (qmail 11707 invoked from network); 15 Dec 2009 23:16:15 -0000
Received: from unknown (192.18.120.70) by smtpauth17.prod.mesa1.secureserver.net (64.202.165.29) with ESMTP; 15 Dec 2009 23:16:15 -0000
Message-ID: <4B2818BF.507@bolyard.me>
Date: Tue, 15 Dec 2009 15:16:15 -0800
From: Nelson Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070527 SeaMonkey/1.5a
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <20091214191959.427A53A6A27@core3.amsl.com> <4B269153.9070701@tau.ac.il> <4B27B9DF.1020300@extendedsubset.com> <4B27C647.2060008@stpeter.im>
In-Reply-To: <4B27C647.2060008@stpeter.im>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Ran Canetti <canetti@tau.ac.il>, iesg@ietf.org, tls@ietf.org
Subject: Re: [TLS] COMMENT: draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2009 23:16:35 -0000

Peter Saint-Andre wrote:
> On 12/15/09 9:31 AM, Marsh Ray wrote:

>> Why should we keep renegotiation?
>>
>> Because any spec which "drops" it is just going to be ignored, with the
>> side effect of the industry dropping the IETF rather than the IETF
>> dropping renegotiation.
> 
> Given that the TLS WG list is full of discussion about remaining
> backward-compatible with SSLv3, it's not clear if the industry is paying
> attention to the IETF anyway.

There is a small number of individuals in this list who are generating a
very high volume of traffic arguing that it is necessary to preserve
backward compatibility with servers that are not only SSL 3.0 but a subset
thereof that is intolerant of any hello extensions and of client hellos
that bear any higher version than 3.0, being unable to successfully
negotiate an SSL 3.0 handshake in the presence of either.

If one judges purely by the volume of traffic in the list, one might conclude
that the industry as a whole is behind that position.  But I believe that
conclusion would not be supported by an actual poll of vendors of SSL 3.x
(including TLS 1.x) server products.  I think we are merely hearing from a
very vociferous minority who hopes to defeat the current draft by filibuster.

>> Removing support for (i.e., not fixing) a fundamental and widely-used
>> protocol feature like renegotiation is not an option.
> 
> I think the question Russ raised is: just how fundamental is TLS
> renegotiation? And the answer so far seems to be: some deployments seem
> to use it, but it might not be fundamental.

I believe it is very heavily used in business-to-business https transactions
including so-called intranet transactions, where parts of a web site require
different authentication than the rest.

Several alternatives have been proposed to achieve those same ends without
renegotiation, such as using separate logical servers on separate ports
each with its own authentication requirements that are enforced on the
initial handshake, rather than during renegotiation.  These proposals all
present numerous challenges, any of which is orders of magnitude greater
for the many shops that would need to implement them than merely deploying
a "safe" version of renegotiation.  Numerous server vendors have expressed
that they believe their customers would rather live with the vulnerability
than be faced with completely refactoring all their https web sites, and/or
multiplying the number of deployed reverse proxies.

v2.23.0 | Report a Bug | By Email