Re: [TLS] The TLS_FALLBACK_SCSV time bomb

Andrei Popov <Andrei.Popov@microsoft.com> Sat, 25 October 2014 22:05 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 25 Oct 2014 22:05:14 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SotvKDPRgXdktdFatgSXSptEawc
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] The TLS_FALLBACK_SCSV time bomb

Yes, there is some truth in what you say. Downgrade-SCSV is a hack, but it will be hard/impossible to convince browser vendors to stop doing fallbacks. Perhaps that's because browsers compete on interoperability and connectivity, not security?

-----Original Message-----
From: Florian Weimer [mailto:fw@deneb.enyo.de] 
Sent: Saturday, October 25, 2014 10:09 AM
To: Andrei Popov
Cc: Bodo Moeller; tls@ietf.org
Subject: Re: [TLS] The TLS_FALLBACK_SCSV time bomb

* Andrei Popov:

> Yes, and you should be able to get away without Downgrade-SCSV if you 
> do not do fallbacks (which are not even part of the TLS protocol).

But you still have to patch servers to protect broken clients from their foolishness.  It doesn't matter that you don't do downgrades on the server side.  That's one reason why I think TLS_FALLBACK_SCSV is an embarrassment—it sanctifies the sinners, instead of forcing them to clean up their act.
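
Added example, not part of either message above: a sketch of the server-side check that the thread says servers must be patched with, following the rule later published as RFC 7507 (reject with inappropriate_fallback when the ClientHello carries TLS_FALLBACK_SCSV and the server supports a higher version than the client offered). The function names, the `patched` flag and the sample ClientHello bytes are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value {0x56, 0x00}
INAPPROPRIATE_FALLBACK = 86      # fatal alert description
TLS10, TLS12 = (3, 1), (3, 3)    # (major, minor) wire versions

def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    off = 35 + body[34]                      # skip random and session_id
    if len(body) < off + 2:
        raise ValueError("truncated session_id")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or len(body) < off + cs_len:
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites

def server_decision(body, server_max, patched=True):
    """Decide how a server answers; patched=False models a server without the check."""
    version, suites = parse_client_hello(body)
    if patched and TLS_FALLBACK_SCSV in suites and server_max > version:
        # The client says it is retrying at a lower version, yet this server
        # could have done better: something interfered with the first attempt.
        return ("alert", INAPPROPRIATE_FALLBACK)
    # Otherwise the SCSV is just an unknown suite and negotiation proceeds.
    return ("negotiate", min(version, server_max))

def build_client_hello(version, suites):
    """Constructed sample input: zero random, empty session_id, null compression."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")

if __name__ == "__main__":
    first = build_client_hello(TLS12, [0xC014, 0x002F])
    retry = build_client_hello(TLS10, [0xC014, 0x002F, TLS_FALLBACK_SCSV])
    print(server_decision(first, TLS12))                  # normal handshake
    print(server_decision(retry, TLS12))                  # patched server rejects
    print(server_decision(retry, TLS12, patched=False))   # unpatched: downgrade stands
    print(server_decision(retry, TLS10))                  # legitimate fallback
```

The third case is the one the reply is about: a server that never downgrades anything still completes the lowered handshake unless it carries this check.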