Re: [TLS] Downgrade protection, fallbacks, and server time

David Benjamin <> Thu, 02 June 2016 15:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BDFBB12D766 for <>; Thu, 2 Jun 2016 08:17:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.425
X-Spam-Status: No, score=-3.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MrnhjtOwmAFJ for <>; Thu, 2 Jun 2016 08:17:17 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 80FDD12D765 for <>; Thu, 2 Jun 2016 08:17:07 -0700 (PDT)
Received: by with SMTP id k19so35553802ioi.3 for <>; Thu, 02 Jun 2016 08:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=P40dklr8M2mcjVrnBoT/1ySW8kKQbqS2UKOgPka5NvU=; b=hIbbsU8bieB+AjkpQD4RmLVKUuDPiA5sfijrgg+Vf6LCyscyUt7CY/ddx9GvBenAId Wf22cjWHFE9/Z0RYJCbdY7y8KkqFPRIbbDX3PWaJpfluerCpEaNeDd7hQ7VF20+70qBM YHZSUraU25HLd1gbJkbn5rIdct9CvHuUj65sY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=P40dklr8M2mcjVrnBoT/1ySW8kKQbqS2UKOgPka5NvU=; b=RXLMESRF3TQjWLkfLPSs5ijszgQ4+XDaX9vkzyCgZoqm3YpZ8pMNL8WMEvlcBneLmT zNT+DEy5jDogHy9Jn9ZuSKMiN1+qAxl9Pild6BB8eHgPqwlFxAG86RgqrOiw7xRJjyxa 3mU/HAN87wGzfFwmXJFfRZ0EyxyNFhy/w4dkb7Mrki75c2n0Z5g5O29NvJaWryMCBdMD wL5+RqzNQVAg1Um3R6npZxmkz6OaSXswecmII+6a8Vi6CwAXq8C9KahkKYSGOD07oDAI 3XeT2Cph3HF5pK7XHRvpRRGF1L2cI5SzsLKJx6Mmirgx2+XVpp1sQd4tgmmb6802CsDo Hw3w==
X-Gm-Message-State: ALyK8tIsKxNF6W5wNnsWeLzx/zgaIKfpXcQlJpdef2AoKiGSkeDwHqIJ3MhS6sMncM7xX54LJeZRKylwkK207iFk
X-Received: by with SMTP id j10mr4263180ioi.97.1464880626441; Thu, 02 Jun 2016 08:17:06 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: David Benjamin <>
Date: Thu, 02 Jun 2016 15:16:56 +0000
Message-ID: <>
Content-Type: multipart/alternative; boundary=001a113f9b6a610b3605344d1965
Archived-At: <>
Subject: Re: [TLS] Downgrade protection, fallbacks, and server time
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jun 2016 15:17:19 -0000

On Thu, Jun 2, 2016 at 10:59 AM Viktor Dukhovni <>;

> > On Jun 2, 2016, at 10:49 AM, David Benjamin <>;
> wrote:
> >
> > I'm not sure I follow. The specification certainly spells out how
> version negotiation is supposed to work. That hasn't stopped servers from
> getting it wrong. Fundamentally this is the sort of thing where bugs don't
> get noticed until we make a new TLS version, and we don't do that often
> enough to keep rust from gathering.
> A better way to keep rust from gathering is to not instutionalize fallback,
> force the broken sites to deal with the issue.  While 2% is noticeable, you
> can probably drive 1.3 version intolerance out of the ecosystem relatively
> quickly if Chrome implements fallback for a limited time (say 6 months
> after
> TLS 1.3 RFC is done) and with a diminishing probability (60% first month,
> 10%
> less each month thereafter), season to taste.

I've mused on something like that (I was the main driver behind
painstakingly removing the existing version fallback in Chrome), but I
don't think non-determinism is a good idea. Site owners need to be able to
reproduce the failures their users see.

But, yes, I will of course be monitoring the true metrics (my probing a
list of sites is only an approximation) and seeing what can be done here,
as I did previously.