Re: [TLS] [OPS-DIR] ops review of draft-ietf-tls-sslv3-diediedie

joel jaeggli <joelja@bogus.com> Sun, 22 March 2015 12:30 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E53C1A908E; Sun, 22 Mar 2015 05:30:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4T0CZ727gizx; Sun, 22 Mar 2015 05:30:45 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B862E1A908F; Sun, 22 Mar 2015 05:30:45 -0700 (PDT)
Received: from mb-aye.local (ip-64-134-6-222.public.wayport.net [64.134.6.222]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id t2MCUfm8001322 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 22 Mar 2015 12:30:42 GMT (envelope-from joelja@bogus.com)
To: "Fred Baker (fred)" <fred@cisco.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
references: <5287A99D-C512-498A-9F8C-3B7E38D7844B@cisco.com>
From: joel jaeggli <joelja@bogus.com>
message-id: <550EB5EB.2080609@bogus.com>
Date: Sun, 22 Mar 2015 07:30:35 -0500
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Thunderbird/37.0
mime-version: 1.0
in-reply-to: <5287A99D-C512-498A-9F8C-3B7E38D7844B@cisco.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DIsibiwWufo32VcwfHxMm931Ts0soeBkf"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WuxU4Ly0ZVGqor1zwWVktahqXCw>
Cc: "draft-ietf-tls-sslv3-diediedie.all@tools.ietf.org" <draft-ietf-tls-sslv3-diediedie.all@tools.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [OPS-DIR] ops review of draft-ietf-tls-sslv3-diediedie
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 12:30:47 -0000

Thanks fred!

joel

On 3/22/15 1:29 AM, Fred Baker (fred) wrote:
> I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> Summary:
> 
> The document, as set forth in its name, makes a specific recommendation regarding SSL v3 and by extension all of its versions: "die die die”. It gives specific reasons for that recommendation, in terms of manifest insecurity, attacks, and general unworthiness of trust.
> 
> It also answers a question I have had, which is why TLS didn't naturally replace SSL a long time ago. Specific parameters necessary to that negotiation had not been adequately specified. The document makes an assertion that I understand to be the long-standing consensus of the security community: that any version of TLS is more secure than any version of SSL, and as version numbers increase, TLS itself becomes more secure.
> 
> In short, it recommends that implementations that use SSL update to use TLS, and that operators of applications using SSL lean on their vendors or implementors to make the conversion or change to other software packages.
> 
> Operational impact:
> 
> By implication, administrators of applications need to determine whether their applications are using SSL, and if so upgrade them. The audit is probably most easily accomplished using a web page lookup or email exchange; the specifications for the application will say what they use, and if they have made the conversion, identify in what release they did so. It should then be straightforward for the administrator to determine what version they are running.
> 
> One implication that the document doesn’t bring out directly, but which follows from the discussion of the attacks, is that any key or certificate that has been exchanged using SSL may have been compromised via a man-in-the-middle attack, and is therefore suspect. Such certificates and keys should be replaced.
> 
> The upgrade process itself may be more painful; the administrator will need to qualify the updated software for his/her use case, and may need to correspond with the vendor or author. This is something administrators generally know how to do, however, so it should not be a blocking issue.
> 
> My assessment: The document is clearly written and well argued, and the issues are clearly laid out. It is therefore good to go.
> 
> 
> 
> _______________________________________________
> OPS-DIR mailing list
> OPS-DIR@ietf.org
> https://www.ietf.org/mailman/listinfo/ops-dir
>