IETF Logo Mail Archive

Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 20 October 2014 22:23 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 564221ACEEE for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 15:23:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2vPksp6APUs8 for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 15:23:37 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0717.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:717]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B80C1ACE99 for <tls@ietf.org>; Mon, 20 Oct 2014 15:23:37 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB418.namprd03.prod.outlook.com (10.141.92.13) with Microsoft SMTP Server (TLS) id 15.0.1054.13; Mon, 20 Oct 2014 22:23:13 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.1054.004; Mon, 20 Oct 2014 22:23:13 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)
Thread-Index: Ac/rUxJ+kqpMmvBKoUCxL3G2jHnzlgBVKtDw
Date: Mon, 20 Oct 2014 22:23:13 +0000
Message-ID: <71017e66b8ea43dea1e708e41b6aa93f@BL2PR03MB419.namprd03.prod.outlook.com>
References: <9A043F3CF02CD34C8E74AC1594475C739B9D2991@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C739B9D2991@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [2001:4898:80e8:ed31::2]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB418;
x-exchange-antispam-report-test: UriScan:;
x-forefront-prvs: 03706074BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(199003)(189002)(13464003)(107046002)(107886001)(97736003)(74316001)(86612001)(76576001)(85306004)(105586002)(95666004)(54356999)(101416001)(76176999)(50986999)(106356001)(99286002)(108616004)(76482002)(40100003)(85852003)(120916001)(99396003)(92566001)(15975445006)(19580405001)(122556002)(19580395003)(87936001)(80022003)(46102003)(31966008)(2656002)(33646002)(230783001)(4396001)(21056001)(86362001)(20776003)(64706001)(24736002)(3826002)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL2PR03MB418; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/YH4UWKEletFnLLyt8CuW8Hl1IhI
Subject: Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 22:23:40 -0000

> ... and 5,000 days for clients and servers where you have to wait for the hardware to die in order to see an update.
You may be right; after all SSl2 is still deployed. My argument is about the clients and servers that actually get regular updates. These up-to-date clients are losing fallback to SSL3, so there's nothing to protect using SCSV (extension works fine for TLS1.0-1.3). These up-to-date servers negotiate TLS1.2 with up-to-date clients, so there seems to be little need for them to protect TLS1.0 -> SSL3 downgrade.

> Oh, and given your affiliation, I was tempted to add: "So Microsoft are planning to roll out an update to Windows XP then?" :-).
Hopefully, POODLE will help bring about the end of XP :)

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Peter Gutmann
Sent: Saturday, October 18, 2014 9:14 PM
To: <tls@ietf.org>
Subject: Re: [TLS] The TLS_FALLBACK_SCSV time bomb (was: Re: Working Group Last Call for draft-ietf-tls-downgrade-scsv-00)

Andrei Popov <Andrei.Popov@microsoft.com> writes:

>I think about 60-90 days or so, for those clients and servers that get 
>regular updates.

... and 5,000 days for clients and servers where you have to wait for the hardware to die in order to see an update.

(10,000 days is probably on the long side, but I still have to maintain backwards-compatible bugfixes for SSH versions from the late 1990s in major backbone routing gear, so we're talking a 15-year lifespan at least, which is where the 5K days came from).

Oh, and given your affiliation, I was tempted to add: "So Microsoft are planning to roll out an update to Windows XP then?" :-).

Peter.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email