Re: [TLS] Should we require implementations to send alerts?

Dave Garrett <davemgarrett@gmail.com> Thu, 17 September 2015 21:47 UTC

On Thursday, September 17, 2015 03:27:10 pm Brian Smith wrote:
> Hubert Kario <hkario@redhat.com> wrote:
> > and yet Firefox depends on them to report human-readable errors to users
> > when it can't connect to a server...
> 
> In what situation will a conformant implementation send Firefox an alert?
> Firefox is conformant (AFAICT) and in particular Firefox implements the
> mandatory-to-implement cipher suite. Therefore no conformant implementation
> should be sending Firefox an alert other than close_notify.
> 
> (We should focus on conformant implementations because non-conformant
> implementations can do whatever they want, by definition).

The flaw in your logic here is the fact that specifications change. Firefox will receive a protocol_version alert from a version-incompatible server. Both implementations could be fully conformant to their target specifications, just different versions. Without this alert being consistently sent, everyone gave up and implemented a sloppy fallback mechanism which made downgrade attacks rather simple.

Likewise, you'll get an alert if different ciphers are supported on each endpoint. Mandatory to implement does not mean mandatory to use.

Certificate alerts can happen pretty much anywhere and this is a user-configurable area so it's not the implementation's fault, but it needs to know what happened for anyone to be able to handle it.

We could probably build a whole list here, but that's enough for me to say that alerts matter in conformant implementations and that we need to always expect they're used correctly.


Dave
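
The three alert cases named in the message above (version mismatch, no common cipher, certificate problems), as an added example that is not part of the original message or of any implementation it mentions: a parser that turns the peer's plaintext alert record into a reportable cause, and returns "unknown" when no alert was sent. The function names and sample bytes are constructed for illustration; the alert codes are the TLS 1.2 values from RFC 5246, and the record is assumed to arrive unencrypted, as alerts do early in the handshake.

```python
import struct

ALERT_RECORD = 21  # TLS ContentType for alert records
# Subset of the TLS 1.2 AlertDescription values (RFC 5246) covering the
# cases raised in the message; other codes are reported by number.
NAMES = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
         43: "unsupported_certificate", 44: "certificate_revoked",
         45: "certificate_expired", 46: "certificate_unknown",
         48: "unknown_ca", 70: "protocol_version"}
CERTIFICATE_ALERTS = {42, 43, 44, 45, 46, 48}


def parse_alert(record: bytes):
    """Return (level, description) from one plaintext TLS alert record."""
    if len(record) != 7:
        raise ValueError("alert record must be 5-byte header + 2-byte body")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    if ctype != ALERT_RECORD or length != 2:
        raise ValueError("not an alert record")
    level, description = record[5], record[6]
    if level not in (1, 2):  # 1 = warning, 2 = fatal
        raise ValueError("invalid alert level")
    return level, description


def diagnose(peer_bytes: bytes):
    """Map the peer's last bytes to (category, alert_name) for error reporting."""
    if not peer_bytes:
        # Peer closed without an alert: the cause cannot be determined.
        return ("unknown", None)
    try:
        _level, code = parse_alert(peer_bytes)
    except ValueError:
        return ("unknown", None)
    name = NAMES.get(code, f"alert_{code}")
    if code == 70:
        return ("version", name)
    if code == 40:  # e.g. no cipher suite in common
        return ("negotiation", name)
    if code in CERTIFICATE_ALERTS:
        return ("certificate", name)
    if code == 0:
        return ("closed", name)
    return ("other", name)


# Constructed sample records (record version 0x0303, fatal level).
SAMPLES = {"version": bytes.fromhex("15030300020246"),
           "negotiation": bytes.fromhex("15030300020228"),
           "certificate": bytes.fromhex("1503030002022d")}
```
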