Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Adam Langley <agl@google.com> Thu, 23 January 2014 18:14 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FC101A00F7 for <tls@ietfa.amsl.com>; Thu, 23 Jan 2014 10:14:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kBJ6I5n1BL9p for <tls@ietfa.amsl.com>; Thu, 23 Jan 2014 10:14:39 -0800 (PST)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 7DEE31A0028 for <tls@ietf.org>; Thu, 23 Jan 2014 10:14:39 -0800 (PST)
Received: by mail-ob0-f172.google.com with SMTP id vb8so2464862obc.31 for <tls@ietf.org>; Thu, 23 Jan 2014 10:14:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Yk79wnv1R10dPIKR9iigOd96XjKenERaeq0B7B1PHgE=; b=M7lfFjaYIYnR+pPMRlk1/SVg0ryJb6onnHIoiVsSHzqV7n4Oc4lZMe2aI9HbGP/6R7 51hwptGQq5DvxcNMFblMf95S62kBbiVMWDpfa4HyzG0g7oI8H9zjDlxZZf+xZmiiuaev 1Ywsh5j9NI2xsEGf1eRs2fQqgvbaZOR5O9jjvSH/WqcyRQHX4G51zwc3jE/3QGPArMaW u+9z1r7UtD+iCXeqcqx+3mEexn89jHVhynmyasnldki/+YSL720mnE/+5jo2DK+QazJW yfjOeoiWsZgds8AhvmGB0RhqEbRV2gsQ4abEJ6/u9ksYDIJFYrqZcgXfGBBZzR7t/+C2 xv8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Yk79wnv1R10dPIKR9iigOd96XjKenERaeq0B7B1PHgE=; b=KdwxMbn0x6m4xiKQFZ600xZpC5GkPZlNUmiNZVvG9GZQ6WqZSpAAXLWshirkpNGHxU Ap7e0qW+Usv0X7A11yzt6aa5CIawpVULm6nZcs5/UXZs/6KpMpyjic3c0UO6RlePudon E4yqdsYClyiUNA/BEEL4lvQAXSfQYNC2WM8E0605UrvNFUrSldBFjLu1hc69jldbb4aY wKexT7cgXiuVoHOEAAEM/SHn78byE9iAfdAHORslPh3zK6UGEvL17mvZWNaqZWSUuOIm A7meI6Pn6bEgWSB9i0I4nMFnA7CqO0GIenMq+UpbYzAscT/+rofbgyGwndPmBdKQ1nOz C9jg==
X-Gm-Message-State: ALoCoQm8qKfoK3kI6fk9JlW8kedUI3hFZeXBrLO/Jlz0CGW9nrj9FIZxcN3mwLT/emB5GOBqWgugqj6mzXjZfWsv+eUszMBsw2wu37m1TgDAjR46PT3bjg6MtwtKxlNXz6xJ1jXwE9bIWcN+qVAgUOzSBxMeeeJbVt/j2vcx8gcPlgiO9Yhuevn2Z7/bjqNZ8hM9+E1FBC0B
X-Received: by 10.182.129.201 with SMTP id ny9mr7907465obb.0.1390500878426; Thu, 23 Jan 2014 10:14:38 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.79.105 with HTTP; Thu, 23 Jan 2014 10:14:18 -0800 (PST)
In-Reply-To: <20140123180713.GA31076@roeckx.be>
References: <CABcZeBP_-MUonYYsxgz2ZdokiEDVhx4mYq1a4BMayuGbbxb2Gg@mail.gmail.com> <20140123180713.GA31076@roeckx.be>
From: Adam Langley <agl@google.com>
Date: Thu, 23 Jan 2014 13:14:18 -0500
Message-ID: <CAL9PXLzcMawdMiFfvn7xjYqPdWUFaOmNJRht31uAE-tB7skkig@mail.gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Content-Type: text/plain; charset="UTF-8"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 18:14:44 -0000

On Thu, Jan 23, 2014 at 1:07 PM, Kurt Roeckx <kurt@roeckx.be> wrote:
> I think the document starts from the assumption that there is
> someone in the middle that can alter the data, and then let the
> client do a downgrade.  What is stopping this attacker from
> removing this scsv from the client hello?

The Finished messages will detect any manipulation of the handshake.

The key to the draft is that we believe that no servers will be
intolerant to the SCSV, and thus clients can always send it when doing
a fallback.


Cheers

AGL