Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
mrex@sap.com (Martin Rex) Mon, 27 January 2014 15:07 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E2781A0230 for <tls@ietfa.amsl.com>; Mon, 27 Jan 2014 07:07:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1YhK34c1SwGO for <tls@ietfa.amsl.com>; Mon, 27 Jan 2014 07:07:44 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 809021A0143 for <tls@ietf.org>; Mon, 27 Jan 2014 07:07:44 -0800 (PST)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id s0RF7dsE010399 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 27 Jan 2014 16:07:39 +0100 (MET)
In-Reply-To: <CACsn0cmtf9y5YbOTFACEeJGTVMWnvGpOjot10wdqZwkkBPYb0A@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 27 Jan 2014 16:07:39 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140127150739.45B671ABC9@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2014 15:07:47 -0000
Watson Ladd wrote: > > If a server is buggy it shouldn't pretend to offer TLS 1.2 support. > If you don't notice this bug, what are you doing when testing? > [...] > > Furthermore, I think we should have a name-and-shame lab if we are > going to be considering not addressing security issues because of > interop. > [...] > > If you don't want to do this, then you shouldn't offer your product > as supporting TLS. > [...] > > Why exactly wouldn't a serious implementor be doing this already? I don't know why vendors are not testing in any reasonable fashion before shipping, but I know that it is happening regularly. Microsoft goofed the RSA premaster secret version check for the renegotiation handshake in Windows 7 (the first version of SChannel that supports TLSv1.2): http://www.ietf.org/mail-archive/web/tls/current/msg08139.html The TLS WG knew very well that there were serious interop problems in the installed base about the RSA Premaster secret version check and that these interop problems lead to handshake failures. The TLS WG also knew that the security of TLS does not depend on RSA premaster secret client_version number, because it this additional version number appears only in static RSA key exchanges, it does not appear in DH and DHE key exchanges. Now in spite of knowing this, the TLS WG added s not-well-baked text to the TLSv1.2 specification recommending that servers be anal about the RSA premaster secret and abort the TLS handshake in a knee-jerk reaction: https://tools.ietf.org/html/rfc5246#page-59 and Microsoft's SChannel is (a) anal about the check and (b) got the check wrong for the renegotiation handshake in Windows 7 and is actively causing painful and unnecessary interop problems at zero benefit: http://www.ietf.org/mail-archive/web/tls/current/msg09417.html -Martin
- [TLS] Call for acceptance of draft-moeller-tls-do… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Thomson
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Salz, Rich
- Re: [TLS] Call for acceptance of draft-moeller-tl… Geoffrey Keating
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bill Frantz
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettesen
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… t.petch
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Joseph Salowey (jsalowey)
- Re: [TLS] Call for acceptance of draft-moeller-tl… Russ Housley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Marsh Ray
- Re: [TLS] Call for acceptance of draft-moeller-tl… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Möller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettersen