IETF Logo Mail Archive

Re: [TLS] supported_versions question

Brian Smith <brian@briansmith.org> Mon, 31 October 2016 20:16 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A91B129AEF for <tls@ietfa.amsl.com>; Mon, 31 Oct 2016 13:16:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=briansmith-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2raFy9uAiy6p for <tls@ietfa.amsl.com>; Mon, 31 Oct 2016 13:16:33 -0700 (PDT)
Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6EC5129AF4 for <tls@ietf.org>; Mon, 31 Oct 2016 13:16:32 -0700 (PDT)
Received: by mail-yw0-x235.google.com with SMTP id l124so15450307ywb.3 for <tls@ietf.org>; Mon, 31 Oct 2016 13:16:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=briansmith-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RGaLkhYrVCuiqkADPOVQKZPKfxH1VXO2/DpJlcFVEog=; b=QVpgliW5fFuLhRUylPe1EOUTHKyoKu6cVdkLvuGdVLjOUU5WkctM0VK5jCY3ToQRzk qyff02LCmxubbnWE9hPtTCLMzE1gWeRnJ1QbXy9mX1ETNUczat2dtSs6rUiNhf3kuj1C VGrakZgcBr4mq6dg7qFJe0qfSP1nD+H5AQjHZNHE0TaLx7a4MK1jW5NQ8/Ud2yP3WCw6 aQn3NY5cxSeBQw41AFyJEz6txyXm4doaHsVMT2YWpKw61VAesue4bohN6RrV+9ywixlu XqZzhhxSgrfgX2yS1xFbUHarsGcHPgrvhZ9Ik1pDv3gtYyTZ/Uc5mLsue1fAew2fut19 jATQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RGaLkhYrVCuiqkADPOVQKZPKfxH1VXO2/DpJlcFVEog=; b=GSEEs0JGRDqTFQVZkoyvlgR1WKaaaAjEJQsdoeFzPu/3ZsJSRzH+7llq7eBVxjVhi0 XgXc0O0r1QSylrWrY8zp9PXoFinjjjp/aG9Utq02tuhQ+WfWD9yNTHU7Jm1gqlG+BMSB XR9RD9VQrqTcvI+jdWGh+uD+So6Afm5w3IcT9tx5edWnDoci3TfKVaGNGJx9W4kh5gHD iPLPMmHHmCXq8VQSTPKjD4Ui2W5RkU1wk1kr8hE9JcUXOg9fACgWjje5ukRyXSyPJUHq yhR++AAQ7ia6nAaF/Q8uZuxTITma8WL/NLwuKSGaP1OyIaXBPGkCG8JuEBRirVL5LtWK I1TQ==
X-Gm-Message-State: ABUngvfE/X2VpqH0vambUtg0meyMiGZkILDclnsr1DHGRuurUDNAqMlA2E9ll8Fl80eqD986gpykrd+ErkWOpw==
X-Received: by 10.36.118.203 with SMTP id z194mr9440036itb.87.1477944991906; Mon, 31 Oct 2016 13:16:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.85.83 with HTTP; Mon, 31 Oct 2016 13:16:31 -0700 (PDT)
In-Reply-To: <CAF8qwaCe89epMMzCA0BNfXWss9FWpDze8ScydufdoTNTNqmW1g@mail.gmail.com>
References: <CAMoSCWaVJy9f6NFy1Msc1_VSDxRFM2pruhecWb+22N4ct-t0+g@mail.gmail.com> <20161031185724.GA23357@LK-Perkele-V2.elisa-laajakaista.fi> <CAF8qwaCe89epMMzCA0BNfXWss9FWpDze8ScydufdoTNTNqmW1g@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
Date: Mon, 31 Oct 2016 10:16:31 -1000
Message-ID: <CAFewVt4MnVMvn=hxJqhy9xPCBizGaL7e_A=PqzK5cQTnPaBSRw@mail.gmail.com>
To: David Benjamin <davidben@google.com>
Content-Type: multipart/alternative; boundary="001a114410f63d99b805402ee252"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Pvsgiry8nyVEdcBSpO51C8DDrBw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] supported_versions question
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 20:16:34 -0000

David Benjamin <davidben@google.com> wrote:

> Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
>
>> The case where legacy_version < TLS1.2 IIRC isn't specified, but
>> ignoring legacy_version is reasonable in this case too.
>>
>
I imagine that there will be three common implementations for the case
where legacy_version < 1.2 and supported_versions is present:

1. The server ignores supported_versions. (Note that all TLS 1.0 and TLS
1.1 implementations will do this.)
2. The server ignores legacy_version and only looks at supported_versions.
3. The server drops the connection (maybe with an alert) because clients
shouldn't be doing that in the first place.


> We could say the versions extension only applies to 1.2 and up. I.e. don't
> bother advertising 1.1 and 1.0 as a client and servers ignore 1.1 and 1.0
> when they see them in the version list. That keeps the protocol deployable
> on the Internet as it exists, avoids having to evaluate [two] versioning
> schemes (if you see the extension, you don't bother reading legacy_version
> at all), while avoiding the weird behavior where, given this ClientHello:
>
>    legacy_version: TLS 1.2
>    supported_versions: {TLS 1.1}
>
> TLS 1.3 says to negotiate TLS 1.1 and TLS 1.2 says to negotiate TLS 1.2.
>

David's suggestion here is reasonable and good. It definitely would be
surprising and unwanted to allow supported_versions to negotiate anything
less than TLS 1.2, especially when legacy_version is TLS 1.2.

Cheers,
Brian
-- 
https://briansmith.org/

v2.30.2 | Report a Bug | By Email | System Status