Re: [TLS] Fixing TLS

Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 12 January 2016 18:23 UTC

Date: Tue, 12 Jan 2016 20:23:03 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20160112182303.GA16894@LK-Perkele-V2.elisa-laajakaista.fi>
References: <9A043F3CF02CD34C8E74AC1594475C73F4BC6849@uxcn10-5.UoA.auckland.ac.nz> <20160112171706.GA16749@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBNKdWzWH78KVshPAt0J1Sj3sWEi-UQX0=nCpLNWnCkxUg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/TcnfpgwqI0_4vMmXeW1wT7k1_xk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fixing TLS

On Tue, Jan 12, 2016 at 09:41:26AM -0800, Eric Rescorla wrote:
> On Tue, Jan 12, 2016 at 9:17 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> >
> > DHE has serious problems. While the present TLS 1.3 way of doing DHE
> > isn't totally horrible, advertise DHE and you can get downnegotiation to
> > TLS 1.2 DHE, and now you are screwed.
> >
> 
> Nit: this shouldn't be possible with the anti-downgrade mechanism that was
> introduced in draft-11 because the server's signature will cover the random
> value. If you are aware of an issue here, I would appreciate more information.

Won't help here, since the server just doesn't support TLS 1.3. The
issue isn't that TLS 1.2 was negotiated, it is that the client is now
faced with old-style DHE.



-Ilari
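As an added illustration of the two cases in this exchange (not code from the thread or from any TLS implementation): the sentinel check a TLS 1.3 client runs on ServerHello.random, and what is left for the client to do once the server turns out to be TLS 1.2-only. The sentinel bytes are those of the published TLS 1.3 spec (RFC 8446); that draft-11 used the same bytes is an assumption, and the DHE parameter policy and the constructed moduli are illustrative.

```python
import os

# Sentinel values from RFC 8446, section 4.1.3 ("DOWNGRD" + 0x01 / 0x00).
# Assumption: the draft-11 mechanism discussed in the thread uses the same bytes.
TLS12_SENTINEL = bytes.fromhex("444f574e47524401")
TLS11_SENTINEL = bytes.fromhex("444f574e47524400")
TLS12, TLS13 = 0x0303, 0x0304


def server_random(server_supports_tls13: bool, negotiated: int) -> bytes:
    """Build the ServerHello.random a conforming server sends (constructed).

    A TLS 1.3-capable server that negotiates 1.2 or lower overwrites the last
    eight bytes with the sentinel. A server that only speaks 1.2 has never
    heard of the sentinel and sends 32 fresh random bytes, so nothing in its
    hello tells the client whether 1.3 was stripped or never existed.
    """
    rnd = bytearray(os.urandom(32))
    if server_supports_tls13 and negotiated < TLS13:
        rnd[24:] = TLS12_SENTINEL if negotiated == TLS12 else TLS11_SENTINEL
    return bytes(rnd)


def check_downgrade(client_max: int, negotiated: int, rnd: bytes) -> str:
    """Client-side check: 'ok' for a TLS 1.3 handshake, 'downgrade' when the
    sentinel shows a 1.3-capable peer was pushed down, 'legacy' otherwise.
    The server signature over the randoms (ServerKeyExchange in TLS 1.2) is
    what stops an on-path attacker from simply erasing the sentinel."""
    if negotiated >= TLS13:
        return "ok"
    if client_max >= TLS13 and rnd[24:] in (TLS12_SENTINEL, TLS11_SENTINEL):
        return "downgrade"
    return "legacy"


def legacy_dhe_params_acceptable(p: int, g: int, ys: int, min_bits: int = 2048) -> bool:
    """In the 'legacy' case the client faces old-style TLS 1.2 DHE, where the
    server picks the group unilaterally; the only remaining defence is local
    policy on what it sent. Size and range checks only; no primality or
    subgroup test is attempted here (hypothetical policy, not from the RFC)."""
    if p.bit_length() < min_bits or p % 2 == 0:
        return False
    return 1 < g < p - 1 and 1 < ys < p - 1
```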