IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Wed, 15 October 2014 16:52 UTC

Return-Path: <SRS0=qaHA=7G=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4991A1A1B96 for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 09:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GSfB4viOMnQI for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 09:52:21 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51CE61A1B6D for <tls@ietf.org>; Wed, 15 Oct 2014 09:52:21 -0700 (PDT)
Received: from mail-yh0-f44.google.com (mail-yh0-f44.google.com [209.85.213.44]) by mrelayeu.kundenserver.de (node=mreue005) with ESMTP (Nemesis) id 0Mg2TZ-1Xqu7r2w69-00NPKF; Wed, 15 Oct 2014 18:52:19 +0200
Received: by mail-yh0-f44.google.com with SMTP id i57so782332yha.3 for <tls@ietf.org>; Wed, 15 Oct 2014 09:52:17 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.110.35 with SMTP id t23mr15720592yhg.126.1413391937437; Wed, 15 Oct 2014 09:52:17 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 09:52:17 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 09:52:17 -0700 (PDT)
In-Reply-To: <543E8F4F.5070902@redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <543E2D81.1050700@redhat.com> <7F8CB03B-6882-41E7-9705-7126A8F2F44D@gmail.com> <CADMpkcJLrQEtiUGi9B7ZS5402cXTBvvThL9-YwUUhncaXQaVsA@mail.gmail.com> <543E8F4F.5070902@redhat.com>
Date: Wed, 15 Oct 2014 18:52:17 +0200
Message-ID: <CADMpkc+SKKDJgOBTyf6M7jNpvG81WMW8TuLaGNmXpp4vdhE+hw@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Florian Weimer <fweimer@redhat.com>
Content-Type: multipart/alternative; boundary="001a1133358a5c0511050578f45f"
X-Provags-ID: V02:K0:uG79vEailCprp0pY4D7q/mmleUg03DOOJ0kD9hy1xLF cJptbt15cG/W8ypDj0jkluRZJ2Mu3xP/oLpxpMwZQBM4xqKUcy bSvEjomf8J8vEIGTz/Z+NuNK9bb+XyTYA6AmzdXRkntilc1HaS 8vjWn0fXTq3YhkxJL93iZVQvM2QvazhwzKsp3G1CtjgiWaOjY1 dIXRvLPkPkSsOt/DVxaeLDZh7VTQLMDDslDMJ90GgnfvMiEh3I 6HA0vwXRQ6Q5y7i49PQVBrKxoHWJsPonwygDr6ZFiacZxPop2I x/pnS/YpW89ab40aH1DTHyjnsCxJrLCvLwAwF9WSgO1bJIz+Gz VAHl4tpqat6bis9y5m/YoSJJujRiz4itLr891bA7Lbd5KIX4pN YNEwaRq0YFegmCJpcUsZ4x3YVWyI0sO5RUL1JT1tqNYZMqe0CY XspiM
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/TvKEnbDixr0jLGeJ82LxJQBEvV8
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 16:52:24 -0000

"Florian Weimer" <fweimer@redhat.com>:
> On 10/15/2014 11:22 AM, Bodo Moeller wrote:

>> Note that if your server does not support formally obsolete protocol
>> versions, TLS_FALLBACK_SCSV support is a no-op.

> No, only if you support exactly a single TLS version.  Then the presence
of TLS_FALLBACK_SCSV support in the server code is indeed unobservable.

I was teasing. So far at least, every new protocol version has formally
obsoleted the previous version, so we've only ever had a single
non-deprecated TLS version.

Real life, necessarily, is a different matter; that's the real point I
wanted to make.

>> Otherwise, you're making real-world tradeoffs, and I think
>> TLS_FALLBACK_SCSV is a reasonable one to make (with minimal server-side
>> logic to achieve the objective), not "punishment".

> It's still punishes those who are responsible netizens and can update
their servers—simply because they have to apply an update.  Their client
base doesn't even directly benefit from that, it's just to enable their
clients to preserve their own brokeness, so that they can continue to
connect to broken servers that may or may not be out there.

This is right, but I don't consider it "punishment". (And in practice,
you'll have to apply occasional  implementation bugfix updates anyway, and
the protocol change may not pose any extra effort.)

> Meanwhile, those who operate TLS-version-intolerant servers have to
do—nothing.

If you insist on "punishment", the very least happening to them is an
increased rate of incoming connections, and increased latency for their
users. There are no technical means to force them to address that if they
don't care about their users, but in that case, what could you do?

Bodo

Bodo

v2.23.0 | Report a Bug | By Email