Re: [TLS] Proposed text for removing renegotiation
Andrei Popov <Andrei.Popov@microsoft.com> Wed, 11 June 2014 19:41 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 596FF1B289D for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 12:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3k0tnjDbKHY for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 12:41:55 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0235.outbound.protection.outlook.com [207.46.163.235]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CD8F1B289B for <tls@ietf.org>; Wed, 11 Jun 2014 12:41:55 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB420.namprd03.prod.outlook.com (10.141.92.25) with Microsoft SMTP Server (TLS) id 15.0.959.24; Wed, 11 Jun 2014 19:41:54 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.0954.000; Wed, 11 Jun 2014 19:41:54 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>, "Salz, Rich" <rsalz@akamai.com>
Thread-Topic: [TLS] Proposed text for removing renegotiation
Thread-Index: AQHPefQqRTsIIFK8gk6N5dkaAVUiXZtVJ/UAgAEX8YCADnobgIABFBgAgAALywCAApynAIAAs6aAgADrcICAAG31AIAAE8UAgAHOO2A=
Date: Wed, 11 Jun 2014 19:41:53 +0000
Message-ID: <ad8857ed5fc34593b6e9aac75fcb2fd4@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C7130F43560C@USMBX1.msg.corp.akamai.com> <1402416258.11505.7.camel@dhcp-2-127.brq.redhat.com>
In-Reply-To: <1402416258.11505.7.camel@dhcp-2-127.brq.redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:ed31::2]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:
x-forefront-prvs: 0239D46DB6
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(428001)(377454003)(24454002)(199002)(189002)(377424004)(51704005)(13464003)(77096999)(79102001)(50986999)(54356999)(77982001)(76176999)(86612001)(76576001)(46102001)(87936001)(33646001)(2656002)(86362001)(21056001)(4396001)(92566001)(74316001)(81342001)(80022001)(15975445006)(83072002)(19580395003)(81542001)(19580405001)(83322001)(101416001)(99396002)(99286001)(31966008)(20776003)(76482001)(74502001)(74662001)(85852003)(64706001)(93886003)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BL2PR03MB420; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/UEWNMr1k16kDjcAw83jseQGa5K4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 19:41:57 -0000
In any case, the triple handshake vulnerability has to be fixed, at least in TLS1.2 and below. The same fix would likely apply to TLS1.3, so IMHO triple handshake does not necessitate the removal of renegotiation from TLS1.3. Cheers, Andrei -----Original Message----- From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Nikos Mavrogiannopoulos Sent: Tuesday, June 10, 2014 9:04 AM To: Salz, Rich Cc: tls@ietf.org Subject: Re: [TLS] Proposed text for removing renegotiation On Tue, 2014-06-10 at 10:53 -0400, Salz, Rich wrote: > > Could you please cite these security issues. In the 17 years of the protocol I have only seen one. > > Which one are you omitting -- Marsh's or triple-handshake? The triple handshake identified many issues in TLS but no issue in the renegotiation. Renegotiation cannot solve the protocol's vulnerability the triple handshake exploits. Nevertheless, you can see the importance of renegotiation in the triple handshake attack by checking the preconditions for the attack. The authors on their website clarify on the vulnerabilities they identified and quoting them for renegotiation: "During renegotiation, both the server and client certificates can change. This is allowed by TLS (and supported in its main implementations) but no definitive guidance is given to applications on how to deal with such changes". Mentioning the lack of application level guidance (for applications that need and make use of it) as a reason to drop renegotiation, is a bit far fetched. regards, Nikos _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Geoffrey Keating
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation Brian Sniffen
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Paul Hoffman
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Steve Checkoway
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net