IETF Logo Mail Archive

Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Dave Garrett <davemgarrett@gmail.com> Sun, 28 December 2014 00:06 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2D521ACD45 for <tls@ietfa.amsl.com>; Sat, 27 Dec 2014 16:06:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OhgT992CRXJX for <tls@ietfa.amsl.com>; Sat, 27 Dec 2014 16:06:04 -0800 (PST)
Received: from mail-qg0-x229.google.com (mail-qg0-x229.google.com [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C25541ACD32 for <tls@ietf.org>; Sat, 27 Dec 2014 16:06:03 -0800 (PST)
Received: by mail-qg0-f41.google.com with SMTP id e89so6529516qgf.28 for <tls@ietf.org>; Sat, 27 Dec 2014 16:06:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=Q6VAshypFBxYabzJBgSF0Dj8wamDlsNZvl9QEErP7cE=; b=B5NS47xN2w52R42+P7MDbBvqYcF+92T/MImYBh3bqRmEnoVGBUo6M2Do/1CuBgunz0 L8pklS+sliStarJqMVzfrYfDaBeLJwARpGutQwtUyct7gT34iBxw5OzzFMvxmNsYdiZL 2uxg8IlmXEx0fvnRDKHE47HNii1XkQ86W8Yll7UORTpm223qcJyNYq1BNrUIesLvlXPj 7iEGFfM0qN0d5DtnsHtuWdQ1DzcJ60w/LmmV7N4p27ck0jASSXnLZ3vnx51qqS7vpg5W TLBDUkFF9krUDLGx5dJjsQGoS4J+8Q5CEcHx1NxjcY+qUUAplKw6ka+pLbPpvddLvqyR YLhg==
X-Received: by 10.224.25.139 with SMTP id z11mr44640634qab.17.1419725162998; Sat, 27 Dec 2014 16:06:02 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-78-212-218.phlapa.fios.verizon.net. [72.78.212.218]) by mx.google.com with ESMTPSA id y10sm29523854qad.23.2014.12.27.16.06.02 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 27 Dec 2014 16:06:02 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: Brian Smith <brian@briansmith.org>
Date: Sat, 27 Dec 2014 19:06:00 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-66-generic-pae; KDE/4.4.5; i686; ; )
References: <201412221945.35644.davemgarrett@gmail.com> <38DB9255-0F1B-40BC-A36B-D0241BE65E40@gmail.com> <CAFewVt6mZfOzZWSTMBGSPkUZEF377mv7NLss1rQxdGJD0hQ8ww@mail.gmail.com>
In-Reply-To: <CAFewVt6mZfOzZWSTMBGSPkUZEF377mv7NLss1rQxdGJD0hQ8ww@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201412271906.00820.davemgarrett@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/NTw1CZddN5esinTHb2YMS_oR-bA
X-Mailman-Approved-At: Mon, 29 Dec 2014 09:10:39 -0800
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2014 00:06:06 -0000

On Saturday, December 27, 2014 06:37:08 pm Brian Smith wrote:
> if the server is allowed to support TLS 1.0, then it should seems
> reasonable for it to negotiate TLS 1.0 with a client that sent an
> SSL2-compatible TLS 1.0 ClientHello.

TLS 1.0 is perfectly capable of negotiating using the proper hello. The fact 
that some clients are EOL and might not do connect in a way that will work 
forever is not something worth worrying about. I don't think it's unreasonable 
to expect that 20 years later the "new" hello format should be mandatory.

Let's stop and think about this for a moment. We're discussing a message format 
from a two decade old protocol, generally considered to be woefully insecure and 
unfit for any use. It has been listed in the "backwards compatibility" section 
since SSL3 in 1996. The following has been in there for 19 years:

"Warning: The ability to send version 2.0 client hello messages will
be phased out with all due haste. Implementers should make every
effort to move forward as quickly as possible."

SSL2 messages should not be tolerated at this point if we want TLS 1.3 to be 
considered a specification for a modern security protocol implementation.

> However, I think it is fine to
> say that the server MUST NOT implement support for the SSL2 protocol.
> And, it is fine to say that all TLS clients MUST NOT use
> SSL2-compatible ClientHellos, since they wouldn't be able to add
> extensions if they did.

That is already agreed upon via RFC 6176.

https://tools.ietf.org/html/rfc6176


Dave

v2.23.0 | Report a Bug | By Email