Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Brian Smith <brian@briansmith.org> Mon, 20 October 2014 17:33 UTC

From: Brian Smith <brian@briansmith.org>
To: Bodo Moeller <bmoeller@acm.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PIJkC0yFCzP6fmnBMmBLGMNzomU
Cc: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Manuel Pégourié-Gonnard <mpg@polarssl.org>, "<tls@ietf.org>" <tls@ietf.org>

On Mon, Oct 20, 2014 at 5:51 AM, Bodo Moeller <bmoeller@acm.org> wrote:

> Manuel Pégourié-Gonnard <mpg@polarssl.org>:
>
>> On 26/09/2014 06:00, Joseph Salowey (jsalowey) wrote:
>>
>> > This is an announcement for the working group last call for
>> > draft-ietf-tls-downgrade-scsv-00.  Please review the document and send
>> > your comments to the list by Friday, October 17, 2014.
>>
>> Just to mention that I just implemented this. As expected (since it's one
>> of the design goals of the draft), it was very easy.
>>
>> The only problem I ran into was an interop issue with OpenSSL, which
>> apparently does not like it if the SCSV appears before the actual
>> ciphersuites in the ciphersuite list. If the intention of the draft was
>> that the SCSV MUST be placed after the actual ciphersuites, it would be
>> good to state so using normative language, rather than the current one
>> which doesn't look normative:
>
> This is not meant to be normative -- it's a bug in OpenSSL's server-side
> code. [If ClientHello.cipher_suites includes TLS_FALLBACK_SCSV, all
> following cipher suites are ignored by the server. This will be fixed in
> the next release.]
>

For compatibility reasons, clients should put the renegotiation info and
TLS_FALLBACK_SCSV at the end of the cipher suite list, to avoid this bug
and similar bugs in other server software. This should be added to the
draft too.

Cheers,
Brian
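The ordering rule discussed in this thread, as an added example that is not part of the original messages or of any of the implementations named in them: a small client-side helper that appends TLS_EMPTY_RENEGOTIATION_INFO_SCSV and TLS_FALLBACK_SCSV after the real cipher suites, encodes the ClientHello cipher_suites vector, and a lint that reports which real suites a server with the described bug (everything after an SCSV ignored) would miss. The cipher suite IDs used as input are constructed sample values.

```python
import struct

# Signalling cipher suite values (SCSVs) carry no algorithm; they only signal.
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF  # RFC 5746 renegotiation_info SCSV
TLS_FALLBACK_SCSV = 0x5600                  # draft-ietf-tls-downgrade-scsv
SIGNALLING_SUITES = {TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_FALLBACK_SCSV}


def order_cipher_suites(suites, fallback=False, renego_scsv=True):
    """Return the suite list with real suites first and SCSVs appended at the
    end. Any SCSV already present in the input is dropped so it is not sent
    twice and cannot end up ahead of a real suite."""
    real = [s for s in suites if s not in SIGNALLING_SUITES]
    tail = []
    if renego_scsv:
        tail.append(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
    if fallback:  # only on a retried (downgraded) connection attempt
        tail.append(TLS_FALLBACK_SCSV)
    return real + tail


def encode_cipher_suites(suites):
    """Encode as ClientHello.cipher_suites: uint16 byte length, then uint16 IDs."""
    body = b"".join(struct.pack("!H", s) for s in suites)
    return struct.pack("!H", len(body)) + body


def decode_cipher_suites(data):
    """Inverse of encode_cipher_suites; rejects truncated or odd-length vectors."""
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:2 + length]
    if len(body) != length or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]


def suites_shadowed_by_scsv(suites):
    """Lint for the interop issue in the thread: return the real suites that
    follow an SCSV, i.e. the ones a server that stops reading at the SCSV
    would never consider. An empty result means the ordering is safe."""
    seen_scsv = False
    shadowed = []
    for s in suites:
        if s in SIGNALLING_SUITES:
            seen_scsv = True
        elif seen_scsv:
            shadowed.append(s)
    return shadowed
```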