Re: [TLS] Updated draft

Michael D'Errico <> Fri, 18 December 2009 19:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A215C3A6890 for <>; Fri, 18 Dec 2009 11:24:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.532
X-Spam-Status: No, score=-3.532 tagged_above=-999 required=5 tests=[AWL=1.067, BAYES_00=-2.599, GB_I_INVITATION=-2]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2DUuna1Vi-cI for <>; Fri, 18 Dec 2009 11:24:16 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 2E6833A6ABF for <>; Fri, 18 Dec 2009 11:24:16 -0800 (PST)
Received: from (unknown []) by (Postfix) with ESMTP id E64EAA8588 for <>; Fri, 18 Dec 2009 14:24:00 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=4zgqQCJiltlR PKui7YVWrPQDNAc=; b=IHwojz6wQxacoI6g/d4vHgd4oa0pwzgKtHkNdV8SVuBk qrFeYNGWpJQ2CDMHgOiWbvYUu+tE96Wxx56/MHgX4S9lfOctc+9/q82z1jJnQ6k0 wQ5VPDcgyOGIVhMGFwWvBed2aiERJ6WA9CAh5awMFV5ruInEMcVg9mgRZ2+F5e4=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=NIwlXN P0X6T2Bx7VnYRP4ghO+l1lhlRiSK5gzQ41S4EpHjhLnewuCdVRHzOJVMAakPq5W+ Y4ozrR2RFku35jPdGNNAISzhlI4Kh2VYXiv5JV0l4pfSiuerOz/zTvs8ATl6MtpP rNS+I9xvaEwpjd5B1E0x2Q6SBqpDJeamukg0Y=
Received: from (unknown []) by (Postfix) with ESMTP id E2468A8587 for <>; Fri, 18 Dec 2009 14:24:00 -0500 (EST)
Received: from administrators-macbook-pro.local (unknown []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 5DEE3A8586 for <>; Fri, 18 Dec 2009 14:24:00 -0500 (EST)
Message-ID: <>
Date: Fri, 18 Dec 2009 11:25:49 -0800
From: Michael D'Errico <>
User-Agent: Thunderbird (Macintosh/20090812)
MIME-Version: 1.0
To: TLS Mailing List <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: E5518922-EC0A-11DE-9F3D-B34DBBB5EC2E-38729857!
Subject: Re: [TLS] Updated draft
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Dec 2009 19:24:18 -0000

A limousine pulls up in front of a busy nightclub in LA.  A well-dressed
couple emerge and approach the entrance.  The bouncer greets them with a
smile and says, "you two arrived in a Swanky Comfortable Stretch Vehicle;
you must be very important, so please go right on in."

Later, a beat-up Buick with one headlight out pulls up in front of the
club.  After tipping the valet, the driver approaches the entrance to the
bar.  The bouncer puffs his chest and stops the man from entering.  "Where
do you think you're going?" he asks.  The man pulls something out of his
pocket and shows it to the bouncer.  "Oh, you have an invitation to the
party; you must be Really Important, my apologies."

Soon another limousine arrives and a Hollywood starlet gets out.  When she
reaches the bouncer, she hands him her invitation to the party.  "Here you
are, darling -- my invitation."  "I'm sorry, but I can't let you in,"
replies the bouncer, "you are apparently Really Important, but you arrived
in a Swanky Comfortable Stretch Vehicle, so I can't let you in."  "Of all
the.... I demand to speak to your manager, what is your name?"  "My name
is Xor, madam.  May I suggest you ditch the limo and come back in a less-
fancy car?  We'll reconnect then, and I'll let you in."


Marsh Ray wrote:
> Robert Dugal wrote:
>> Oops, you're right. I misstated what I'd like the draft to allow. 
>> What I'd like is the option to always send the SCSV in the
>> ClientHello and on renegotiation requests send the SCSV + RI
>> extension in the ClientHello.
> That certainly sounds like a reasonably minor change to make...but it isn't.
> I don't recall seeing anyone propose wording changes that would allow
> such behavior, except in the context of the other proposals which are
> fundamentally different in that they modify the inputs to the PRF. It's
> possible that some concrete wording was suggested and is in one of the
> 1340 emails in my TLS folder.
> Currently, the SCSV achieves its primary objective with a very simple
> definition. It has "exactly the same semantics as an empty
> 'renegotiation_info' extension".
> IMHO, proponents of other semantics for SCSV should be able to produce
> an equally straightforward description of what they are, or show
> something truly magical to justify complicating the description. Saving
> an 'if' statement somewhere, partially fixing a multiply-broken
> scenario, or avoiding extensions handling in some non-general case don't
> sound like they justify the extra complexity.
> Personally, I'd prefer that we don't propose (and re-propose) design
> features at this point. We have to ship a fix for this open security
> vulnerability, and I think the current design is squarely in the "good
> enough" department. I.e. it fixes the problem and doesn't make anything
> else significantly worse.
> If anyone sees a security flaw or attack against a correct
> implementation of draft-ietf-tls-renegotiation-02, please please speak up.
> - Marsh