Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Adam Langley <agl@google.com> Tue, 28 January 2014 01:52 UTC

On Mon, Jan 27, 2014 at 8:04 PM, Andrei Popov
<Andrei.Popov@microsoft.com> wrote:
> For my understanding: why is this proposal vitally dependent on the server sending inappropriate_fallback alert? If the server receives the SCSV, has a higher protocol version enabled than that in the ClientHello, and quietly aborts the handshake, isn't the downgrade attack thwarted?

Yes, just closing the connection is good enough for security. The
advantage of returning the fatal alert is that a) it stops the
fallback process faster and b) the client can report the error that
caused the original connection to fail, rather than that the final
fallback hit connection closed.


Cheers

AGL
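
The server-side check and the two failure modes discussed in this message, as an added example that is not part of the original e-mail or of the draft. The function names, the version list and the `dropped` set (which simulates first connections that fail) are assumptions made for the illustration; the SCSV and alert code points are the ones assigned in RFC 7507.

```python
# Added illustration; names and the simulated network are hypothetical.
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86      # fatal alert description (RFC 7507)
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
AES128_SHA = 0x002F              # TLS_RSA_WITH_AES_128_CBC_SHA, an ordinary suite


def server_check(hello_version, cipher_suites, server_max, send_alert=True):
    """Decide what the server does with one ClientHello.

    Returns 'handshake', 'alert' (fatal inappropriate_fallback) or
    'close' (quiet abort, the variant asked about in the quoted question).
    """
    if TLS_FALLBACK_SCSV in cipher_suites and server_max > hello_version:
        return "alert" if send_alert else "close"
    return "handshake"


def client_connect(versions, server_max, send_alert, dropped=frozenset()):
    """Client fallback loop over `versions`, highest first.

    `dropped` holds the versions whose ClientHello gets no answer
    (constructed interference or an intolerant middlebox).
    Returns ((status, detail), number_of_attempts).
    """
    attempts = 0
    for i, version in enumerate(versions):
        attempts += 1
        if version in dropped:
            continue  # connection failed: retry with the next lower version
        # Every retry below the client's best version carries the SCSV.
        suites = [AES128_SHA] + ([TLS_FALLBACK_SCSV] if i > 0 else [])
        outcome = server_check(version, suites, server_max, send_alert)
        if outcome == "handshake":
            return ("negotiated", min(version, server_max)), attempts
        if outcome == "alert":
            # a) fallback stops at once, b) the real cause can be reported
            return ("error", "inappropriate_fallback"), attempts
        # Quiet close is indistinguishable from any other failure: keep going.
    return ("error", "connection closed"), attempts


if __name__ == "__main__":
    order = [TLS12, TLS11, TLS10, SSL3]
    print(client_connect(order, TLS12, send_alert=True, dropped={TLS12}))
    print(client_connect(order, TLS12, send_alert=False, dropped={TLS12}))
```

In both runs the downgrade is refused; the difference is the number of attempts and the error the client is left holding.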