Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation
Martin Rex <mrex@sap.com> Thu, 28 January 2010 14:37 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 76A253A67AC; Thu, 28 Jan 2010 06:37:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzVEo1xaedOE; Thu, 28 Jan 2010 06:37:10 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id D38D63A68E3; Thu, 28 Jan 2010 06:37:09 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o0SEbPfj003515 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 28 Jan 2010 15:37:26 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201001281437.o0SEbOG9014103@fs4113.wdf.sap.corp>
To: Pasi.Eronen@nokia.com
Date: Thu, 28 Jan 2010 15:37:24 +0100
In-Reply-To: <808FD6E27AD4884E94820BC333B2DB7758411DE69C@NOK-EUMSG-01.mgdnok.nokia.com> from "Pasi.Eronen@nokia.com" at Jan 28, 10 11:22:54 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: ietf@ietf.org, tls@ietf.org
Subject: Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2010 14:37:11 -0000
Pasi.Eronen@nokia.com wrote: > > Martin Rex wrote: > > > I have never seen an IETF AD fight so passionately for the > > addition of rfc-2119-violating and unreasonable imperatives into > > a document such as Pasi is doing it now. > > "Now"? "Addition"? > > I would like to remind you that version -01 of the document also > very clearly prohibited sending the SCSV in secure renegotiation > ClientHello, and also used upper-case RFC 2119 keywords in that text. It could be that we are refering to different versions of -01, the one on tools.ietf.org doesn't have a MUST NOT send, and in particular, it does not have a MUST abort when received. If you think that there an implied MUST NOT in there -- I can see explicit MUSTs to the contrary in -01 and more so in -02! What to send on renegotiations has been returned to the WG as a discussion item, and that is also reflected by a pair of [TODO:] items in the document. -01 also has the following: 5. Requirements for Sending and Receiving TLS clients which support this draft MUST generate either the "renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST cipher suite with every ClientHello. which is _NOT_ limited to *initial* ClientHellos. and -02 goes even further: 5. Requirements for Sending and Receiving TLS clients which support this specification MUST generate either the "renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST SCSV with every ClientHello, including ClientHellos where session resumption is being offered. TLS servers MUST support both the "renegotiation_info" extension and the TLS_RENEGO_PROTECTION_REQUEST SCSV. TLS servers which support this specification MUST generate the "renegotiation_info" extension in the ServerHello in response to any client which offers either "renegotiation_info" or TLS_RENEGO_PROTECTION_REQUEST in the ClientHello. These are all of the MUST & MUST NOTs in -01 on tools.ietf.org: Upon receipt of the "renegotiation_info" extension, both client and server implementations which support the extension MUST verify that it contains the correct contents as specified above. If the contents are incorrect, then it MUST generate a fatal "handshake_failure" alert and terminate the connection. Servers MUST treat receipt of TLS_RENEGO_PROTECTION_REQUEST exactly as if the client had sent an empty "renegotiation_info" extension and respond with their own "renegotiation_info" extension. TLS implementations MUST continue to comply with 7.4.1.4 for all other extensions. Servers MUST NOT select this cipher suite in any handshake, as it does not correspond to any valid set of algorithms. Clients which do support renegotiation MUST implement Section 3 as well. TLS servers which support this draft MUST generate the "renegotiation_info" extension in the ServerHello in response to any client which offers either "renegotiation_info" or TLS_RENEGO_PROTECTION_REQUEST in the ClientHello. Existing implementations which do not support this extension are widely deployed and in general must interoperate with newer implementations which do support it. If clients wish to ensure that such attacks are impossible, they MUST terminate the connection immediately upon failure to receive the extension without completing the handshake. If servers wish to ensure that such attacks are impossible they MUST NOT allow clients who do not offer the "renegotiation_info" extension to renegotiate with them By default, TLS implementations conforming to this document MUST verify that once the peer has been identified and authenticated within the TLS handshake, the identity does not change on subsequent renegotiations. For certificate based cipher suites, this means bitwise equality of the end-entity certificate. If the other end attempts to authenticate with a different identity, the renegotiation MUST fail. If the server_name extension is used, it MUST NOT change when doing renegotiation. -Martin
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Chatter on consensus Martin Rex
- [TLS] Confirming consensus about one draft-ietf-t… Pasi.Eronen
- Re: [TLS] Confirming consensus about one draft-ie… Robert Dugal
- Re: [TLS] Confirming consensus about one draft-ie… Dr Stephen Henson
- Re: [TLS] Confirming consensus about one draft-ie… Kemp, David P.
- Re: [TLS] Confirming consensus about one draft-ie… Paul Hoffman
- Re: [TLS] Confirming consensus about one draft-ie… Michael D'Errico
- Re: [TLS] Confirming consensus about one draft-ie… Rex, Martin
- Re: [TLS] Confirming consensus about one draft-ie… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming consensus about one draft-ie… Martin Rex
- [TLS] Metadiscussion on changes in draft-ietf-tls… Paul Hoffman
- Re: [TLS] Confirming consensus about one draft-ie… Marsh Ray
- Re: [TLS] Metadiscussion on changes in draft-ietf… Martin Rex
- Re: [TLS] Confirming consensus about one draft-ie… Hovav Shacham
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Confirming consensus about one Kemp, David P.
- Re: [TLS] Confirming consensus about one draft-ie… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming consensus about one Yoav Nir
- Re: [TLS] Confirming consensus about one draft-ie… Yngve Nysaeter Pettersen
- [TLS] Chatter on consensus Kemp, David P.
- Re: [TLS] Chatter on consensus Martin Rex
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Confirming consensus about one Nelson B Bolyard
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Metadiscussion on changes in draft-ietf… Bob Braden
- Re: [TLS] Confirming consensus about one Michael D'Errico
- Re: [TLS] Chatter on consensus Kemp, David P.
- Re: [TLS] Confirming consensus about one Marsh Ray
- Re: [TLS] Confirming consensus about one draft-ie… Robert Relyea
- Re: [TLS] Metadiscussion on changes in draft-ietf… Martin Rex
- Re: [TLS] Metadiscussion on changes in draft-ietf… Paul Hoffman
- [TLS] interoperability and security guarantees [w… Daniel Kahn Gillmor
- Re: [TLS] Chatter on consensus Kemp, David P.
- Re: [TLS] Chatter on consensus Michael D'Errico
- Re: [TLS] Chatter on consensus Martin Rex
- Re: [TLS] Confirming consensus about one Yoav Nir
- Re: [TLS] Metadiscussion on changes in draft-ietf… Pasi.Eronen
- Re: [TLS] Metadiscussion on changes in draft-ietf… Martin Rex
- Re: [TLS] Chatter on consensus Kemp, David P.
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Confirming consensus about one Martin Rex
- Re: [TLS] Chatter on consensus Nikos Mavrogiannopoulos
- Re: [TLS] Metadiscussion on changes in draft-ietf… Pasi.Eronen
- Re: [TLS] Metadiscussion on changes in draft-ietf… Martin Rex
- Re: [TLS] Confirming consensus about one draft-ie… Paul Hoffman
- Re: [TLS] Confirming consensus about one draft-ie… Martin Rex
- Re: [TLS] Chatter on consensus Martin Rex
- Re: [TLS] Confirming consensus about one draft-ie… Bill Frantz
- Re: [TLS] Confirming consensus about one draft-ie… tom.petch
- Re: [TLS] Confirming consensus about one draft-ie… Joseph Salowey (jsalowey)