IETF Logo Mail Archive

Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Dave Garrett <davemgarrett@gmail.com> Sun, 28 December 2014 01:07 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CFA11ACE70 for <tls@ietfa.amsl.com>; Sat, 27 Dec 2014 17:07:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HY47KL22gHb9 for <tls@ietfa.amsl.com>; Sat, 27 Dec 2014 17:07:54 -0800 (PST)
Received: from mail-qg0-x230.google.com (mail-qg0-x230.google.com [IPv6:2607:f8b0:400d:c04::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45E6D1ACE75 for <tls@ietf.org>; Sat, 27 Dec 2014 17:07:54 -0800 (PST)
Received: by mail-qg0-f48.google.com with SMTP id f51so8330578qge.35 for <tls@ietf.org>; Sat, 27 Dec 2014 17:07:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=xpThICAeYBFnpmzEOw/On5xU5JgqZtWZJbQsTe2rHHg=; b=jbg7l74zPpGgHLL4R+ypNU3Sd4u6GhEhK2VRjymExlv9fAUrjtd1wrn4eHsVx/yl0E 8eR4RcHqlv73HH3uqAAo2X5nqjeFSSEhMQt/Vv4n6q/1qy4AX+goOAnhJrluUEZamO1z l9P3GFKkXbChq8twspL4W/u0UVjmMhKWEYBYADp2IW6kfnt6jAAMAYH4Kl7aslyIX/hY nia/5/AcWGhU2b5OfJil8xDC33dbCe1Pk6wnHSmp9XkiWUJU5C1HW89XbK0jEuhFQ8f8 eNI1k7Vif6/2if/4Acdjop4ixM/tKa/NHnxJ45QL6yLMVnPrLTY4ACN5ZTSaxmEkg6P4 8DXA==
X-Received: by 10.229.99.134 with SMTP id u6mr79740528qcn.10.1419728873330; Sat, 27 Dec 2014 17:07:53 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-78-212-218.phlapa.fios.verizon.net. [72.78.212.218]) by mx.google.com with ESMTPSA id b39sm28159234qge.10.2014.12.27.17.07.52 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 27 Dec 2014 17:07:52 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: Brian Smith <brian@briansmith.org>
Date: Sat, 27 Dec 2014 20:07:51 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-66-generic-pae; KDE/4.4.5; i686; ; )
References: <201412221945.35644.davemgarrett@gmail.com> <201412271906.00820.davemgarrett@gmail.com> <CAFewVt4xv7cgr9pB=Rt=kvHh0kQ0-PH-RBvi4i=HrQBhZatL7w@mail.gmail.com>
In-Reply-To: <CAFewVt4xv7cgr9pB=Rt=kvHh0kQ0-PH-RBvi4i=HrQBhZatL7w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201412272007.52081.davemgarrett@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_4rHW3AhlPIScc6I3IdFTrM-ZaI
X-Mailman-Approved-At: Mon, 29 Dec 2014 09:10:39 -0800
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2014 01:07:58 -0000

On Saturday, December 27, 2014 07:39:07 pm Brian Smith wrote:
> Dave Garrett <davemgarrett@gmail.com> wrote:
> > On Saturday, December 27, 2014 06:37:08 pm Brian Smith wrote:
> >> if the server is allowed to support TLS 1.0, then it should seems
> >> reasonable for it to negotiate TLS 1.0 with a client that sent an
> >> SSL2-compatible TLS 1.0 ClientHello.
> > 
> > The fact
> > that some clients are EOL and might not do connect in a way that will
> > work forever is not something worth worrying about. I don't think it's
> > unreasonable to expect that 20 years later the "new" hello format should
> > be mandatory.
> > 
> > SSL2 messages should not be tolerated at this point if we want TLS 1.3 to
> > be considered a specification for a modern security protocol
> > implementation.
> 
> Like I said in my previous message, I do think that for TLS 1.3,
> SSL2-compatible ClientHellos must not be used since they don't allow
> extensions. Further, it is better for the TLS 1.3 spec to remove all
> the text describing the SSL2-compatible hello stuff, regardless of
> whether or not supporting SSL2-compatible-ClientHello for TLS
> 1.0/1.1/1.2 is explicitly prohibited or not.

I'm hesitant to even mention it, but obviously my next most preferred route is 
obviously to do that and make acceptance of an SSL2 hello for older TLS versions 
a SHOULD NOT rather than a MUST NOT. That, however, is basically just RFC 6176 
with a wag of a finger thrown in.

If the TLS WG was doing the proper thing, namely writing a TLS 1.3 that was just 
an update of TLS designed to make implementing modern security easier and saving 
other changes for TLS 1.4, then I would probably agree with your position. It's 
not though; HTTP/2 is having to be released with a messy hack to attempt to make 
TLS 1.2 palatable. The response I got to suggesting a more iterative approach 
was that people wanted to fix all the problems and get it right. That's a bit of 
a contradiction with considering this hello format valid for any use.

There have been bugs caused by supporting this and it should be mandated to no 
longer be usable for all implementations. Anyone actually relying on it and not 
capable of flipping the client-side switches needed to stop it is not likely to 
be a candidate for early adoption of TLS 1.3, anyway.


Dave

v2.23.0 | Report a Bug | By Email