Re: [TLS] One approach to rollback protection
Martin Rex <mrex@sap.com> Tue, 27 September 2011 00:45 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40F591F0CAB for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 17:45:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.055
X-Spam-Level:
X-Spam-Status: No, score=-10.055 tagged_above=-999 required=5 tests=[AWL=0.194, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEqlQSBeF0Dm for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 17:45:20 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 880481F0C86 for <tls@ietf.org>; Mon, 26 Sep 2011 17:45:20 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p8R0m4dv003290 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 27 Sep 2011 02:48:04 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201109270048.p8R0m3pJ013743@fs4113.wdf.sap.corp>
To: ekr@rtfm.com
Date: Tue, 27 Sep 2011 02:48:03 +0200
In-Reply-To: <CABcZeBNvASxnr1uzkP38_T2A0foYVUnz6UQhK8kH1yO=b8qLOw@mail.gmail.com> from "Eric Rescorla" at Sep 26, 11 05:28:07 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] One approach to rollback protection
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 00:45:21 -0000
Eric Rescorla wrote: > > Hmm... What's the advantage of something this complicated/expressive, > especially given that there is no way to currently express > "I speak TLS 1.2 but not 1.0"? I know that with "current TLS version negotiation" it is not possible to convey the exact protocol version that a clients supports or may want to talk. The issue with the original scheme is, that in order to offer TLSv1.2, you MUST (de facto) implement *ALL* prior protocol versions. But that currently means that you have to take all existing specs, put them side-by-side and work out the diffs yourself, because successors specs don't show the PDUs and semantics of previous protocol versions side-by-side. > > My objective here isn't to replace the TLS version negotiation mechanism > but merely to remove the downgrade attack problem. If we get that right, > and there is WG interest in revamping the version system, we can do that at > some other time. I don't think that revising the TLS version negotiation yet another time is a sensible idea. If we do it at all, make it right this time. It is really much more important to do the interop testing before implementations of this are shipped, than making it the most simplistic change possible in order to obtain a protected negotiation. -Martin
- [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Nico Williams
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Adam Langley
- Re: [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Eric Rescorla
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Adam Langley
- Re: [TLS] One approach to rollback protection Marsh Ray
- Re: [TLS] One approach to rollback protection Juho Vähä-Herttua
- Re: [TLS] One approach to rollback protection Nikos Mavrogiannopoulos
- Re: [TLS] One approach to rollback protection Yoav Nir
- Re: [TLS] One approach to rollback protection Dan Winship
- Re: [TLS] One approach to rollback protection Nikos Mavrogiannopoulos
- Re: [TLS] One approach to rollback protection Badra
- Re: [TLS] One approach to rollback protection Matt McCutchen
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Yngve N. Pettersen
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Martin Rex
- Re: [TLS] One approach to rollback protection Nikos Mavrogiannopoulos
- Re: [TLS] One approach to rollback protection Martin Rex