Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)

Marsh Ray <maray@microsoft.com> Mon, 20 October 2014 23:28 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OSCPejM5u3biD6fa8QSpx3MFSyo

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Bodo Moeller
> You should be able to get away without the actual renegotiation_info
> extension if you don't support renegotiation.

The thing with the renegotiation attack is the client doesn’t know in advance that the server is renegotiating.

If clients don’t send RI, the server can’t protect them from renegotiation attacks.

If servers don’t parse and respond with renegotiation info, then clients can’t know that they are secure from renegotiation attacks.

We eventually need to get to a day where clients and servers can actively refuse to talk today’s TLS versions without RI. Yeah, it will take a long time.

Basically, clients and servers opting out of RI today because they feel “it doesn’t affect me” are tomorrow’s “auto downgrade to SSLv3 because who needs TLS 1.0”.


- Marsh
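As an added illustration (not part of the original message, and not taken from any TLS implementation), the check a server or passive monitor can make to see whether an initial ClientHello signals renegotiation_info support, either through the extension or through the RFC 5746 signalling cipher suite. The function names are hypothetical, the input is assumed to be the ClientHello body after the 4-byte handshake header, and the sample hellos are constructed.

```python
import struct

EXT_RENEGOTIATION_INFO = 0xFF01         # RFC 5746 extension type
SCSV_EMPTY_RENEGOTIATION_INFO = 0x00FF  # RFC 5746 signalling cipher suite
SCSV_FALLBACK = 0x5600                  # TLS_FALLBACK_SCSV: downgrade signal, not RI

def parse_client_hello(body):
    """Return (cipher_suites, {ext_type: data}) from a ClientHello body."""
    try:
        pos = 2 + 32                                # client_version + random
        pos += 1 + body[pos]                        # session_id
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n % 2 or pos + n > len(body):
            raise ValueError("bad cipher_suites length")
        suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos))
        pos += n
        pos += 1 + body[pos]                        # compression_methods
        exts = {}
        if pos < len(body):                         # extensions block is optional
            (total,) = struct.unpack_from("!H", body, pos)
            pos += 2
            if pos + total != len(body):
                raise ValueError("bad extensions length")
            while pos < len(body):
                etype, elen = struct.unpack_from("!HH", body, pos)
                pos += 4
                if pos + elen > len(body):
                    raise ValueError("truncated extension")
                exts[etype] = body[pos:pos + elen]
                pos += elen
        return suites, exts
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello")

def signals(body):
    """Which protections does this initial ClientHello ask for?"""
    suites, exts = parse_client_hello(body)
    # Initial handshake: RI carries an empty renegotiated_connection (byte 0x00).
    ri = (SCSV_EMPTY_RENEGOTIATION_INFO in suites
          or exts.get(EXT_RENEGOTIATION_INFO) == b"\x00")
    return {"ri": ri, "fallback": SCSV_FALLBACK in suites}

def build_client_hello(suites, exts=()):
    """Constructed sample input: TLS 1.0 hello, zero random, no session id."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return body + (struct.pack("!H", len(blob)) + blob if exts else b"")
```

A hello that carries only TLS_FALLBACK_SCSV reports `ri` as false: the two signals are independent, so a peer can be protected against version downgrade while still giving the other side no way to rule out a renegotiation attack.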