IETF Logo Mail Archive

Re: [TLS] Protocol version for inappropriate_fallback alerts (was: Re: I-D Action: draft-ietf-tls-downgrade-scsv-01.txt)

Bodo Moeller <bmoeller@acm.org> Fri, 14 November 2014 06:14 UTC

Return-Path: <bmoeller@acm.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E715F1A7026 for <tls@ietfa.amsl.com>; Thu, 13 Nov 2014 22:14:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.262
X-Spam-Level:
X-Spam-Status: No, score=-0.262 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d797G5ygQTXt for <tls@ietfa.amsl.com>; Thu, 13 Nov 2014 22:13:56 -0800 (PST)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A35E1A6FD0 for <tls@ietf.org>; Thu, 13 Nov 2014 22:13:52 -0800 (PST)
Received: from mail-oi0-f49.google.com (mail-oi0-f49.google.com [209.85.218.49]) by mrelayeu.kundenserver.de (node=mreue005) with ESMTP (Nemesis) id 0M9cAV-1XhlDt2xot-00D1dx; Fri, 14 Nov 2014 07:13:51 +0100
Received: by mail-oi0-f49.google.com with SMTP id u20so11474715oif.36 for <tls@ietf.org>; Thu, 13 Nov 2014 22:13:49 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.182.163.33 with SMTP id yf1mr2450406obb.0.1415945629629; Thu, 13 Nov 2014 22:13:49 -0800 (PST)
Received: by 10.60.32.42 with HTTP; Thu, 13 Nov 2014 22:13:49 -0800 (PST)
In-Reply-To: <20141113231954.C65861AFCC@ld9781.wdf.sap.corp>
References: <CADMpkcJyojb_=g3uinQX+YTN0tdYD6jivOwgoB_OGqB-6i4B1g@mail.gmail.com> <20141113231954.C65861AFCC@ld9781.wdf.sap.corp>
Date: Fri, 14 Nov 2014 07:13:49 +0100
Message-ID: <CADMpkcJHc1yQLCn9hAadBcYw9o95JLSeTmVu4Nso-1Eiu89OuQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="e89a8f6427284685c60507cb88a4"
X-Provags-ID: V02:K0:wnJ/SWkTM3T1Ej37Ta5BgpqWDWUMzQI3+MwY9C9UEXT E7ZnBo/sntTZEJTvfPqj7jf0TS5tpGZZt+jJLsk9t9tdwQaR4q 67n+tagluoxEue/tmdbiLcJjmVPDoQDFfOZKs/+0xfanYcnCbe ac52nTERoVXmPuxZvX+PByAmJvXsD2QT05K7oJmhfMyMpU8YSl WV6XpV0F1oqXNOuKBs87KOBak9UA+lPzhjgfSw5qSyJcNgCta+ V9lPhkd0E/ZyQDA4Qb9/1cSD0IIZBE27vtiZkar7bnZcxptFZm noE3ktFMB85yRLiwreDpd6md5uiYJa05nNqep2KS223nj6Ya3d sHmB/OXyR+b1Cfm775TB4+S8VNffL+6wO+i/SiIAW4jVxfkud8 iNawFNpEOJ3MgCBlWFSfEqBe7Y8f/bdMoZDO49lQFXTSUOME0X +jrPM
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/XqmIP72Olesh9RudwKoDu4XVwJo
Cc: Florian Weimer <fweimer@redhat.com>
Subject: Re: [TLS] Protocol version for inappropriate_fallback alerts (was: Re: I-D Action: draft-ietf-tls-downgrade-scsv-01.txt)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Nov 2014 06:14:08 -0000

Martin Rex <mrex@sap.com>:

>> +     [...] the inappropriate_fallback alert, like any
> >> +     other fatal alert this early during the handshake, should use
> >> +     a record layer protocol_version that the client can reasonably
> >> +     be expected to understand, [...]
>

> [...] Your proposed wording sounds very vague.
>


> It is vague on purpose, because it is supposed to be non-normative.
> Why would you want to inconvenience existing implementations
> (where the record level protocol version for an alert might get determined
> at the record protocol layer, and _not_ in function (as function parameter)
> that triggers the alert response, such as:
>
>    ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
>

In that case, I think we should be saying nothing in the server behavior
section at all (after all, alerts sent by the client in response to the
Client Hello aren't new). Rather, the client server behavior section should
point out that clients that want to detect the inappropriate_fallback alert
must be prepared to see any record-layer protocol version.

Florian, I'd put in explicit guidance on the record-layer protocol version
to use with the inappropriate_fallback alert at your request. What do you
think about explicitly asking the client to tolerate any version (as the
TLS RFC does for the Client Hello record version) vs. explicitly telling
the server what to use?

Bodo

v2.15.0 | Report a Bug | By Email