Re: [TLS] An SCSV to stop TLS fallback.
Trevor Perrin <trevp@trevp.net> Tue, 26 November 2013 20:21 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E4B61AE010 for <tls@ietfa.amsl.com>; Tue, 26 Nov 2013 12:21:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mElVN8HKaUl7 for <tls@ietfa.amsl.com>; Tue, 26 Nov 2013 12:21:11 -0800 (PST)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by ietfa.amsl.com (Postfix) with ESMTP id 4B6C81ADF38 for <tls@ietf.org>; Tue, 26 Nov 2013 12:21:11 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id hi5so5779470wib.14 for <tls@ietf.org>; Tue, 26 Nov 2013 12:21:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=FmzDEaAgOsD+nxAOMtPMkWBhIubs8vxcZ8yVKVludio=; b=kSF3q/4QJNekmdbOXsKOYCsIJVGelp7+OEeGMgZ0dwcvMFs1k9a5f4qcMe5mO6O6C3 26rfgGEiM1MXIOWHmsAph7PTuk65RGB5P/foKdvEsDIRPJi9ig3U+mo9FA9OAmXaIYkz THuLdsQ8lUbnhxwHT9DLWd/thsfHAohMLBK5TMyljMJZDtQZCmATH61JTNZ/I2YOHa6i uEh1Q5YG6tjIUYkfMfY7bF4n8Fa67FZV6aorrgh+Eix+bM3t++PzzZv2gDSbGWsUrvHV maQvhIL6kvIiWePMY0XuiLZoRE66vyamTK2rVtjU4t+t0kuK4BT93jrRfSTMx760QRA3 aKgw==
X-Gm-Message-State: ALoCoQluIrgKxH5fLq/QHFxkMoaak/+V/k6ny4170Gajn4awWfRQuDN11IW7FcwQcQa0RLd4RXBs
MIME-Version: 1.0
X-Received: by 10.180.7.136 with SMTP id j8mr19597941wia.17.1385497270622; Tue, 26 Nov 2013 12:21:10 -0800 (PST)
Received: by 10.216.214.134 with HTTP; Tue, 26 Nov 2013 12:21:10 -0800 (PST)
X-Originating-IP: [199.83.223.81]
In-Reply-To: <CAL9PXLzB9GjY80S4WrO6J6QC8+S0Qff8sjw71Ssp_ZtL4Fi9Hw@mail.gmail.com>
References: <CAL9PXLzWPY5o2SeV=kUPWxznkw+3cmpbMpYifCebfqd48VW9UA@mail.gmail.com> <CAGZ8ZG2oBwx_Hb3mM59jWx9rZm4zcm4Sv6AdypK4WdciUtG8Bg@mail.gmail.com> <CAL9PXLzB9GjY80S4WrO6J6QC8+S0Qff8sjw71Ssp_ZtL4Fi9Hw@mail.gmail.com>
Date: Tue, 26 Nov 2013 12:21:10 -0800
Message-ID: <CAGZ8ZG10rsysnNijZGRZAsh4h06235xWnFwUKOBAStOEYjnYCQ@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Adam Langley <agl@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] An SCSV to stop TLS fallback.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 20:21:13 -0000
On Tue, Nov 26, 2013 at 9:38 AM, Adam Langley <agl@google.com> wrote: > On Mon, Nov 25, 2013 at 9:33 PM, Trevor Perrin <trevp@trevp.net> wrote: >> Are these MITM products using special root certs installed in the >> browser for MITM purposes? > > Yes. > >> If so, could the browser simply allow >> SSLv3 fallback only when connecting to a cert under such an installed >> root, while otherwise rejecting such a fallback? > > Yes, but I don't believe that would be viable on the Internet as a > whole. There are certainly many HTTPS servers on the Internet that > need fallback in order to function. We would like not to break them > while stopping them dragging everyone's security down. So we still > need some way to identify non-broken servers. Sure, makes sense. There was an earlier thread about TLS-intolerant middleboxes and the problem they pose for TLS enhancements which require TLS Extensions (like CT, TACK, and OCSP "must-staple") [1]. Are your observations actually good news for that case? If many of those intolerant middleboxes that were being observed are actually *MITM* boxes with installed MITM roots, presumably browsers could detect when they are connecting to such a MITM middlebox, and relax their requirements around (CT, TACK, OCSP "must-staple", etc.)? Trevor [1] http://www.ietf.org/mail-archive/web/tls/current/msg09450.html http://www.ietf.org/mail-archive/web/tls/current/msg09468.html
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Andy Wilson
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Trevor Perrin
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Trevor Perrin
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Brian Smith
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Jack Lloyd
- Re: [TLS] An SCSV to stop TLS fallback. Manger, James H
- Re: [TLS] An SCSV to stop TLS fallback. Wan-Teh Chang
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Wan-Teh Chang
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Marsh Ray
- Re: [TLS] An SCSV to stop TLS fallback. Douglas Stebila
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. James Cloos
- Re: [TLS] An SCSV to stop TLS fallback. Yngve N. Pettersen
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Marsh Ray
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Adam Langley
- Re: [TLS] An SCSV to stop TLS fallback. Daniel Kahn Gillmor
- Re: [TLS] An SCSV to stop TLS fallback. Brian Smith
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Watson Ladd
- Re: [TLS] An SCSV to stop TLS fallback. Martin Rex
- Re: [TLS] An SCSV to stop TLS fallback. Yaron Sheffer
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Yaron Sheffer
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Manuel Pégourié-Gonnard
- Re: [TLS] An SCSV to stop TLS fallback. Ralf Skyper Kaiser
- Re: [TLS] An SCSV to stop TLS fallback. Bodo Moeller