IETF Logo Mail Archive

[TLS] assert TLSext in renego-ServerHello instead of disable renego

Martin Rex <mrex@sap.com> Mon, 09 November 2009 20:35 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A80B3A6831 for <tls@core3.amsl.com>; Mon, 9 Nov 2009 12:35:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.149
X-Spam-Level:
X-Spam-Status: No, score=-6.149 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4jxhfeZf+8P for <tls@core3.amsl.com>; Mon, 9 Nov 2009 12:35:32 -0800 (PST)
Received: from smtpde03.sap-ag.de (smtpde03.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 2C60D3A680F for <tls@ietf.org>; Mon, 9 Nov 2009 12:35:32 -0800 (PST)
Received: from mail.sap.corp by smtpde03.sap-ag.de (26) with ESMTP id nA9KZvIR014232 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <tls@ietf.org>; Mon, 9 Nov 2009 21:35:57 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200911092035.nA9KZviE026489@fs4113.wdf.sap.corp>
To: tls@ietf.org
Date: Mon, 09 Nov 2009 21:35:57 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal08
X-SAP: out
Subject: [TLS] assert TLSext in renego-ServerHello instead of disable renego
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2009 20:35:33 -0000

Maybe a patched Server (one with support for secure renegotiation)
should ALWAYS assert this extension in a renegotiation TLS handshake
_with_ the verify_data of both server.finished and client.finished
in the ServerHello -- including when the client didn't send the
extension (maybe because the client didn't dare confusing an SSLv3 server).

If we recommend the Server to no longer perform insecure renegotiation,
we could instead recommend that the server unconditionally asserts the
ServerHello extension for the renegotiation handshake.  


This would even allow clients to agree to a secure renegotiation,
which did not dare proposing it (because of an interoperability
constraint with some legacy SSLv3 servers that choke on TLS extensions).

Those clients that propose the secure renegotiation may need a
fallback to a vanilla SSLv3 ClientHello.  Such a fallback would have
to be made at the apps level and is a significant change.  Allowing
server to assert this particular TLS extension in the ServerHello
of a _renegotiation_handhshake_ without having received it in the
ClientHello would obviate the need for the client to add a
TLS extension to the ClientHello, and therefore may obviate the
necessity of a re-connect fallback.


-Martin

v2.23.0 | Report a Bug | By Email