IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Wed, 15 October 2014 12:02 UTC

Return-Path: <SRS0=qaHA=7G=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE2AE1A1B65 for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 05:02:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vktTmXASplzo for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 05:02:26 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34D411A1B68 for <tls@ietf.org>; Wed, 15 Oct 2014 05:02:26 -0700 (PDT)
Received: from mail-yk0-f173.google.com (mail-yk0-f173.google.com [209.85.160.173]) by mrelayeu.kundenserver.de (node=mreue007) with ESMTP (Nemesis) id 0M6t73-1YQ2QK31C1-00wkeN; Wed, 15 Oct 2014 14:02:22 +0200
Received: by mail-yk0-f173.google.com with SMTP id 200so478748ykr.32 for <tls@ietf.org>; Wed, 15 Oct 2014 05:02:19 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.22.228 with SMTP id t64mr3355158yht.164.1413374539512; Wed, 15 Oct 2014 05:02:19 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 05:02:19 -0700 (PDT)
In-Reply-To: <1413371037.15961.26.camel@dhcp-2-127.brq.redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <543E2D81.1050700@redhat.com> <7F8CB03B-6882-41E7-9705-7126A8F2F44D@gmail.com> <1413371037.15961.26.camel@dhcp-2-127.brq.redhat.com>
Date: Wed, 15 Oct 2014 14:02:19 +0200
Message-ID: <CADMpkcJ85WXM5==n+bkYOi6D6Qus_n14XFeCp8mseQ=mFbc5_w@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="e89a8f642a985cc5dc050574e786"
X-Provags-ID: V02:K0:US4RBUtRK6vi+4pj5d7FygX/X2/J1gIWRCDn4BX1GI3 Hs4k+5HY5rflka+B0A8JRszxxjqf9k3unY+NYV2xQsyNl5e8KP VUjCtXdGDYub/6dyE9U/hpt9SjApUhFwquMYdqWBJBjJKi7PLb Sxq39KayTwID90dV8/j8p2hFrEaZOdnNFMB+00YeaTV5HXHQtq JSiSslb3U5jFkbqLU7F2LSiBrhAx1LLByen6SDa0AI2sRVvnqc x3mpcBcQ3foYrlMp57M06P/XU91aH6nrDEqBAlmn0N651Bzu87 bb6PtCZwqv8a0hkz4ZYf2nTi2XgUkPooj3jP87UdQ02GVuB3r/ 7oDXyaXRbMZuMUSw543a/1jGpjZPuznxOJAQT32phyFgnSAMYb 4/AT7dWcJuaDEec665i0VRR6dW2YKa5+V/MeIGA+7oI+O9Cpko 8HB/b
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ObbjJ0ylhE-ecDholQKPYxNvxS0
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 12:02:28 -0000

Nikos Mavrogiannopoulos <nmav@redhat.com>:

In any case,
> I don't believe how adding support for this extension on every
> implementation (in order for the protection to matter) is easier than
> fixing the few broken servers that don't properly do version
> negotiation.


Getting *every* implementation updated certainly is not easier. The
difference is that you don't have to -- the SCSV can be used (and indeed
*has* successfully been used) to protect against potential attacks when
connecting to servers that have been updated, while still allowing clients
to have kludgey interoperability with broken servers if they'd rather have
(potentially lower-security) connections to those than no interoperability
at all. As you know, browser implementors have widely seen a need for this.

At the same time, I completely agree that the broken servers must be shut
down too; but it's not either-or.


I believe there is little point for this protocol
> extension, given that the work arounds for the applications that use
> non-standard version negotiation are very straightforward (disable SSL
> 3.0).


Note that the SCSV is not tied to a particular protocol version. Also, we
see the step of disabling SSL 3.0 taken as a concrete *response* (while
still allowing downgrades to any TLS versions that clients may be willing
to fall back to). The SCSV can be used to protect against downgrade attacks
in general, *preventively*.

So unless you disables all protocol versions below TLS 1.2 now, supporting
the SCSV has demonstrable advantages in protecting against potential
attacks.

Bodo

v2.23.0 | Report a Bug | By Email