Re: [TLS] Deprecating SSLv3
Henrick Hellström <henrick@streamsec.se> Tue, 25 November 2014 09:01 UTC
Return-Path: <henrick@streamsec.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFDD1A006E for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 01:01:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.649
X-Spam-Level:
X-Spam-Status: No, score=0.649 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9puEhpHV0WeA for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 01:01:53 -0800 (PST)
Received: from vsp2.ballou.se (vsp2.ballou.se [91.189.40.83]) by ietfa.amsl.com (Postfix) with SMTP id 6FD941A006F for <tls@ietf.org>; Tue, 25 Nov 2014 01:01:49 -0800 (PST)
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp2.ballou.se (Halon Mail Gateway) with ESMTP for <tls@ietf.org>; Tue, 25 Nov 2014 10:01:05 +0100 (CET)
Received: from [192.168.0.195] (c-21cfe555.06-134-73746f39.cust.bredbandsbolaget.se [85.229.207.33]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id 109B31DE8D for <tls@ietf.org>; Tue, 25 Nov 2014 10:01:05 +0100 (CET)
Message-ID: <54744542.1070705@streamsec.se>
Date: Tue, 25 Nov 2014 10:00:50 +0100
From: Henrick Hellström <henrick@streamsec.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: tls@ietf.org
References: <1572947.5ky0fL2FGE@pintsize.usersys.redhat.com> <20141124182953.9C8251B004@ld9781.wdf.sap.corp> <CACsn0ck6t6DKbxcRga-TFQEj5ADe7zw3pKu9z33L2hS2B6LzyQ@mail.gmail.com> <20141124213052.GR3200@localhost> <88D3820D-E509-40E0-AF12-E8B82A9708B3@gmail.com> <20141124224504.GS3200@localhost>
In-Reply-To: <20141124224504.GS3200@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/V_JjexT1q7RMvK-6ocj3EzEWWhQ
Subject: Re: [TLS] Deprecating SSLv3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2014 09:01:56 -0000
On 2014-11-24 23:45, Nico Williams wrote: >> CRIME, BEAST, POODLE, they all depend on my browser going to >> http://www.attacker.com, and then a script loaded from that site >> running on the browser, sending requests to Facebook and google and >> the like with *my* cookies. For some reason these requests are treated >> as if they come from *me* rather than the attacker. They call it CSRF, >> but it’s not really forgery. It’s just the way the web is built. > > Oh sure, and I agree fully, we could totally have a bash-the-web- > security-model thread :) but we can't really do anything about it from > TLS WG. The TLS WG might define a formal threat model that can be backed up by both, on one hand, the cryptographic protocol design, and, on the other hand, the security analysis section of the main RFCs that outline correct usage in layman's terms. Obviously there SHOULD be a straight logical connection between the cryptographic design, the formal threat model and the security analysis sections. Otherwise TLS is broken. Conversely, if TLS WG does this and browsers violate the implementation instructions in the security analysis section, the browsers are broken. In such a scenario some browser manufacturers and website publishers would probably fix the errors at the expense of some interoperability issues and some functionality loss, while others would ignore the issues. The point is, that it is hard to justify that the TLS WG should output standards that are not based on a coherent security analysis, just because sites like Facebook, Google, EBay, PayPal etc, have a vested interest in letting third party web publishers distribute fourth party javascript that logs in to their servers with the credentials of the client users, and claim this is "secure" just because it is done over HTTPS and not in direct conflict with the explicit recommendations of the TLS WG.
- [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Matt Caswell
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Manuel Pégourié-Gonnard
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Stephen Checkoway
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Alfredo Pironti
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Ronald del Rosario
- Re: [TLS] Deprecating SSLv3 Alfredo Pironti
- Re: [TLS] Deprecating SSLv3 Martin Thomson
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Kurt Roeckx
- Re: [TLS] Deprecating SSLv3 Salz, Rich
- Re: [TLS] Deprecating SSLv3 Nikos Mavrogiannopoulos
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Martin Rex
- Re: [TLS] Deprecating SSLv3 Kurt Roeckx
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Manuel Pégourié-Gonnard
- Re: [TLS] Deprecating SSLv3 Watson Ladd
- Re: [TLS] Deprecating SSLv3 Nico Williams
- Re: [TLS] Deprecating SSLv3 Yoav Nir
- Re: [TLS] Deprecating SSLv3 Bill Frantz
- Re: [TLS] Deprecating SSLv3 Nico Williams
- Re: [TLS] Deprecating SSLv3 Henrick Hellström
- Re: [TLS] Deprecating SSLv3 Yuhong Bao
- Re: [TLS] Deprecating SSLv3 Hubert Kario
- Re: [TLS] Deprecating SSLv3 Martin Rex