IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Manuel Pégourié-Gonnard <mpg@polarssl.org> Thu, 16 October 2014 14:20 UTC

Return-Path: <mpg@polarssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E491B1A1A7D for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 07:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.397
X-Spam-Level:
X-Spam-Status: No, score=0.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_EQ_NL=1.545, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IV06HR1GkTnF for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 07:20:17 -0700 (PDT)
Received: from vps2.offspark.com (vps2.brainspark.nl [141.138.204.106]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66D9E1A1B04 for <tls@ietf.org>; Thu, 16 Oct 2014 07:20:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=polarssl.org; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:CC:To:MIME-Version:From:Date:Message-ID; bh=4s57MOqXnAJvcjlBvPQgXLnqalylqKOddstXJ1t+yZk=; b=DNBZm+yyqFwVl5la1vgQlKI5QIoRS+N4iqhKvXX9ifbEeVHoAynvqrV2CC9Hq+DoHCqu2ojndGdQoQEayGInCUT6U3pYZ41OrbbHcAObdw82SvHof/gicIitpUkHS+VYcEllRO7NduDAOjwjlKb7iaHl2/lSYmFl/xIG9rUZU/o=;
Received: from thue.elzevir.fr ([88.165.216.11] helo=[192.168.0.124]) by vps2.offspark.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mpg@polarssl.org>) id 1XeluE-0002O4-OK; Thu, 16 Oct 2014 16:19:55 +0200
Message-ID: <543FD40E.9070405@polarssl.org>
Date: Thu, 16 Oct 2014 16:19:58 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5438CFEA.7000401@brainhub.org> <543E9435.8000905@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9C9@USMBX1.msg.corp.akamai.com> <543E9C9F.5050104@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9D5@USMBX1.msg.corp.akamai.com> <543E9FFA.5030102@redhat.com> <CADMpkcLnOh3HGD+urWuo6fPfkX4WfGhwckE0jg5jS2KqD2RuMQ@mail.gmail.com> <CABkgnnWuCwOGBXG2RdetwPFn4KtVPygSBWG5qkme1mvNst6n+A@mail.gmail.com> <543F9893.806@redhat.com> <543FA0A0.1030205@polarssl.org> <543FCAED.50502@redhat.com> <543FCC90.7020408@polarssl.org> <1413468247.17221.8.camel@dhcp-2-127.brq.redhat.com>
In-Reply-To: <1413468247.17221.8.camel@dhcp-2-127.brq.redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 88.165.216.11
X-SA-Exim-Mail-From: mpg@polarssl.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.offspark.com)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ZmlWXwrATV1Z4mA2RWwY6Ut_ha4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 14:20:18 -0000

On 16/10/2014 16:04, Nikos Mavrogiannopoulos wrote:
> On Thu, 2014-10-16 at 15:48 +0200, Manuel Pégourié-Gonnard wrote:
> 
>>> A widely-deployed client might use TLS 1.2 with FALLBACK_SCSV 
>>> unconditionally.  This client would break once servers start supporting 
>>> TLS 1.3.  That's just one example of what could go wrong which could not 
>>> go wrong before.
>>>
>> I'm sorry, but wouldn't that be very stupid of the client? Maybe the draft could
>> include wording that clients MUST NOT do that, to be extra clear, but IMHO it's
>> already quite clear.
> 
> Of course, but isn't this issue that SCSV is trying to fix in the first
> place? Isn't the SCSV's reason of existance the fact that there are some
> buggy servers that cannot handle TLS protocol version negotiation? Why
> should we assume that buggy clients are impossible to happen?
> 
That's probably a good argument for mentioning it explicitly in the spec.

Maybe also mention that TLS implementations must not include this SCSV unless
explicitly requested to do so by the application, to prevent false good ideas
such as "let's include FALLBACK_SCSV automatically when the version we're
offering is less than the highest version we support" (which also should be
clear by reading the spec, but who knows).

I might be overly optimistic, but I hope that people implementing client
work-arounds made necessary by the existence of buggy servers are able and
willing to correctly implement a short a simple spec without adding bugs.

Manuel.

v2.23.0 | Report a Bug | By Email