Re: [TLS] Working Group Last Call for
Martin Rex <mrex@sap.com> Mon, 25 October 2010 21:12 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B35D3A68D3 for <tls@core3.amsl.com>; Mon, 25 Oct 2010 14:12:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.603
X-Spam-Level:
X-Spam-Status: No, score=-9.603 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599, HELO_EQ_DE=0.35, J_CHICKENPOX_61=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vJll0g2fj7iR for <tls@core3.amsl.com>; Mon, 25 Oct 2010 14:12:53 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id A39323A684C for <tls@ietf.org>; Mon, 25 Oct 2010 14:12:52 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id o9PLE9BW001115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 25 Oct 2010 23:14:14 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201010252114.o9PLE8ka017930@fs4113.wdf.sap.corp>
To: mrex@sap.com
Date: Mon, 25 Oct 2010 23:14:08 +0200
In-Reply-To: <201010251952.o9PJq3pa012929@fs4113.wdf.sap.corp> from "Martin Rex" at Oct 25, 10 09:52:03 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal07
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2010 21:12:55 -0000
Martin Rex wrote: > > 2. SSLv2 deficiencies: "Sessions can be easily terminated" > > o Sessions can be easily terminated. A man-in-the-middle can easily > insert a TCP FIN to close the session and the peer is unable to > determine whether or not it was a legitimate end of the session. > > I think this exaggerates the usefulness of the closy_notify(0) > warning level alert as used in practice. By using an application > level framing protocol to mark boundaries of data, it is fairly > easy for application callers to compensate for this "lack" of SSLv2. > Many applications that use a framing protocol look only at their > own framing rather than waiting for the close_notify alert exchange > to _complete_. The semantics of the close_notify(0) Alert in TLSv1.2 (mostly unchanged from TLSv1.0). Quoting from http://tools.ietf.org/html/rfc5246#section-7.2.1 Unless some other fatal alert has been transmitted, each party is required to send a close_notify alert before closing the write side of the connection. The other party MUST respond with a close_notify alert of its own and close down the connection immediately, discarding any pending writes. It is not required for the initiator of the close to wait for the responding close_notify alert before closing the read side of the connection. When pages are reloaded/refreshed or when users navigate before a web pages has completed loading all elements, it happens regularly that connections get terminated prematurely. In some situations the TLS-level close-notify might suggest a different behaviour than the common and likely app-level decision. What should a server do when processing an upload-request (HTTPS PUT), sends back a 200/201 to the Browser. Does (or should) the server wait for the clients TLS close-notify and should the server rollback the PUT if the clients close-notify is not sent? If a server actually did rollback in absence of the client'c TLS close-notify, that would actually open(!) a vulnerability, i.e. an attacker could remove the clients TLS close-notify from the network causing the server to think it should rollback while the client believes the transaction was successful. A "secure communication closure protocol" would need three legs, but that is clearly prohibited by the TLS spec for the close_notify alert. -Martin
- [TLS] Working Group Last Call for draft-ietf-tls-… Joe Salowey
- Re: [TLS] Working Group Last Call for draft-ietf-… Simon Josefsson
- Re: [TLS] Working Group Last Call for draft-ietf-… Nikos Mavrogiannopoulos
- Re: [TLS] Working Group Last Call for draft-ietf-… Yoav Nir
- Re: [TLS] Working Group Last Call for draft-ietf-… Michael D'Errico
- Re: [TLS] Working Group Last Call for draft-ietf-… Paul Hoffman
- Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
- Re: [TLS] Working Group Last Call for Martin Rex
- Re: [TLS] Working Group Last Call for Marsh Ray
- Re: [TLS] Working Group Last Call fordraft-ietf-t… t.petch
- Re: [TLS] Working Group Last Call fordraft-ietf-t… Martin Rex
- Re: [TLS] Working Group Last Call fordraft-ietf-t… t.petch