Re: [TLS] draft-ietf-tls-renegotation: next steps
Martin Rex <mrex@sap.com> Thu, 17 December 2009 03:39 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E9BC63A6AA8 for <tls@core3.amsl.com>; Wed, 16 Dec 2009 19:39:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.195
X-Spam-Level:
X-Spam-Status: No, score=-6.195 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYj6C+54-5+L for <tls@core3.amsl.com>; Wed, 16 Dec 2009 19:39:38 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id CFE963A691E for <tls@ietf.org>; Wed, 16 Dec 2009 19:39:37 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nBH3dMNJ029656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Dec 2009 04:39:22 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200912170339.nBH3dLiI012743@fs4113.wdf.sap.corp>
To: david-sarah@jacaranda.org
Date: Thu, 17 Dec 2009 04:39:21 +0100
In-Reply-To: <4B29A324.9080907@jacaranda.org> from "David-Sarah Hopwood" at Dec 17, 9 03:19:00 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-renegotation: next steps
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2009 03:39:39 -0000
David-Sarah Hopwood wrote: > > Martin Rex wrote: > > First, we need to fix the Definition of the TLS_RENEGO_PROTECTION_REQUEST: > > > > This cipher suite value is the Client to Server signal that the client > > is updated and asks to apply the strict rules of secure renegotiation > > applied to the current handshake -- no excuses. > > > > If SCSV is received by a server on an initial handshake that does > > not contain a renegotiation_info TLS extension, then the server > > should apply the same semantics as if it had received an empty > > TLS extension RI in that ClientHello. > > > > Concerning the question what a client should send on a backwards > > interoperable renegotiation handshake: > > > > The rule is "if you can't be good, at least be good at it.". > > > > That means if the clients configuration permits old-style renegotiation, > > then he should NOT try fancy new tricks with that old server on the > > renegotiation handshake that he didn't do on the initial handshake. > > > > i.e. if the client had sent TLS extensions on the initial handshake, > > there is no problem with _sending_ TLS extension RI on the renegotiation > > handshake with the old server. > > > > However, if the client did _not_ use TLS extensions (but SCSV) on > > the initial handshake with an old server, then there are only > > to sensible options for the client on renegotiation: > > (a) abort when the client doesn't allow old-style renegotiation > > (b) send an extension-less ClientHello with [S]CSV on renegotiation. > > (b) is only secure if an upgraded server MUST abort if it receives an > SCSV without an extension on a renegotiating handshake. > I am *strongly* opposed to (b) without that requirement. That is what I tried to describe in the second sentence above of the mail that you quoted: "apply the strict rules of secure renegotiation to the current handshake -- no excuses". You're welcome to use more appropriate words to describe this. > > With that requirement, I'm still weakly opposed to your argument here. > Always sending the extension in a renegotiating ClientHello is much > simpler. That is one of the few useful conditionals, because it would be backwards-incompatible and unreasonable action to send an extension on a backwards-interop renegotiation scenario with an old(!) server if _NO_ extension was sent on the initial handshake. The spec should _not_ require implementers to offer this, and neither require apps to enable this, but _IF_ they offer it, then it just doesn't make sense to offer backwards interop renegotiation in an inconsistent fashion. -Martin
- [TLS] draft-ietf-tls-renegotation: next steps Pasi.Eronen
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps Paul Hoffman
- Re: [TLS] draft-ietf-tls-renegotation: next steps Michael D'Errico
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next steps Eric Rescorla
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Kemp, David P.
- Re: [TLS] draft-ietf-tls-renegotation: next steps Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- [TLS] Generic process issues (Re: Re: draft-ietf-… Nicolas Williams
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next steps David-Sarah Hopwood
- Re: [TLS] draft-ietf-tls-renegotation: next steps David-Sarah Hopwood
- Re: [TLS] draft-ietf-tls-renegotation: next steps Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next Pasi.Eronen
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-rene… Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Marsh Ray
- Re: [TLS] draft-ietf-tls-renegotation: next Kyle Hamilton
- Re: [TLS] draft-ietf-tls-renegotation: next Martin Rex
- Re: [TLS] draft-ietf-tls-renegotation: next Michael D'Errico
- Re: [TLS] draft-ietf-tls-renegotation: next David-Sarah Hopwood