Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
Andrei Popov <Andrei.Popov@microsoft.com> Fri, 16 January 2015 20:13 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E891A1B2B71; Fri, 16 Jan 2015 12:13:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.255
X-Spam-Level:
X-Spam-Status: No, score=-0.255 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ICQz-MLKOaZq; Fri, 16 Jan 2015 12:13:51 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0111.outbound.protection.outlook.com [207.46.100.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2D4E1B2B6F; Fri, 16 Jan 2015 12:13:50 -0800 (PST)
Received: from BN3PR0301MB1252.namprd03.prod.outlook.com (25.161.207.28) by BN3PR0301MB1185.namprd03.prod.outlook.com (25.160.156.147) with Microsoft SMTP Server (TLS) id 15.1.59.20; Fri, 16 Jan 2015 20:13:50 +0000
Received: from BN3PR0301MB1250.namprd03.prod.outlook.com (25.161.207.26) by BN3PR0301MB1252.namprd03.prod.outlook.com (25.161.207.28) with Microsoft SMTP Server (TLS) id 15.1.59.20; Fri, 16 Jan 2015 20:13:48 +0000
Received: from BN3PR0301MB1250.namprd03.prod.outlook.com ([25.161.207.26]) by BN3PR0301MB1250.namprd03.prod.outlook.com ([25.161.207.26]) with mapi id 15.01.0059.007; Fri, 16 Jan 2015 20:13:48 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Yuhong Bao <yuhongbao_386@hotmail.com>, Hanno Böck <hanno@hboeck.de>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
Thread-Index: AQHQLDb4p3YI4XMTuk2zmtbg4N2xWpzDNo2AgAAAd4CAAADYAA==
Date: Fri, 16 Jan 2015 20:13:48 +0000
Message-ID: <BN3PR0301MB12509A9375A4C24F6D8208B18C4F0@BN3PR0301MB1250.namprd03.prod.outlook.com>
References: <20150109180539.22231.7270.idtracker@ietfa.amsl.com>, <20150116210327.61046788@pc> <BLU177-W27326CC964968EABAFED09C34F0@phx.gbl>
In-Reply-To: <BLU177-W27326CC964968EABAFED09C34F0@phx.gbl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:ed31::2]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-dmarcaction-test: None
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(3005004); SRVR:BN3PR0301MB1252; UriScan:;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252;
x-forefront-prvs: 04583CED1A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(13464003)(52034003)(189002)(377454003)(19580405001)(19580395003)(106116001)(77156002)(99286002)(92566002)(86612001)(76576001)(62966003)(122556002)(54206007)(106356001)(86362001)(40100003)(105586002)(15395725005)(50986999)(54606007)(64706001)(101416001)(97736003)(46102003)(2900100001)(2656002)(87936001)(102836002)(2950100001)(68736005)(74316001)(76176999)(54356999)(230783001)(15975445007)(33656002)(2501002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1252; H:BN3PR0301MB1250.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2015 20:13:48.1330 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1252
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1185;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Z2iwP-Faz2x99Iln3cYXtcKrqwU>
Cc: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2015 20:13:53 -0000
> This does not mean that every browser will do it. True, but if FF is able to stick with this, and roll it out into production, that's a strong indication that other browsers may be able to do the same. And, of course, this eliminates the fallback problem at the root. One remaining issue, however, is reported high rates of TLS 1.3 version intolerance. Cheers, Andrei -----Original Message----- From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Yuhong Bao Sent: Friday, January 16, 2015 12:05 PM To: Hanno Böck; tls@ietf.org Cc: ietf@ietf.org Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard This does not mean that every browser will do it. ---------------------------------------- Date: Fri, 16 Jan 2015 21:03:27 +0100 From: hanno@hboeck.de To: tls@ietf.org CC: ietf@ietf.org Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard Recently Mozilla has disabled the now so-called protocol dance, which makes adding another workaround (SCSV) pretty much obsolete: https://bugzilla.mozilla.org/show_bug.cgi?id=1084025#c7 And a few days ago mozilla dev Brian Smith tweetet this: "Fx experiment to disable non-secure TLS version fallback is going even better than expected. Starting to feel silly for delaying it so long." https://twitter.com/BRIAN_____/status/555138042428526593 I think this adds further evidence that adding another workaround layer (SCSV) is the wrong thing to do. Instead browsers should just stop doing weird things with protocols that compromise security and drop the protocol dance completely. (By the way: Has anyone thought what happens when people implement TLS hardware that is version intolerant to versions> 1.2 and at the same time send SCSV in the handshake? I'm pretty sure that at some point some hardware will appear that does exactly that. Will we need another SCSV standard for every TLS version then?) -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: BBB51E42 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-0… The IESG
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Salz, Rich
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Hanno Böck
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yuhong Bao
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Adam Langley
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Andrei Popov
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Watson Ladd
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Brian Smith
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Jeffrey Walton
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yoav Nir
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Eric Rescorla
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Salz, Rich
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Colm MacCárthaigh
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yuhong Bao
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Salz, Rich
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Brian Smith
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Salz, Rich
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Xiaoyin Liu
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yoav Nir
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Xiaoyin Liu
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Yoav Nir
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Xiaoyin Liu
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael D'Errico
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- [TLS] advertizing the minimum TLS supported versi… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Jeffrey Walton
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] advertizing the minimum TLS supported v… Michael Clark
- Re: [TLS] advertizing the minimum TLS supported v… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Hubert Kario
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Henrik Grubbström
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Henrik Grubbström
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Bodo Moeller
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Dave Garrett
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Eric Rescorla
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Michael Clark
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Henrik Grubbström
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Nikos Mavrogiannopoulos
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Stephen Farrell
- Re: [TLS] Last Call: <draft-ietf-tls-downgrade-sc… Martin Rex