Re: [TLS] 2nd WGLC: draft-ietf-tls-downgrade-scsv

Bodo Moeller <bmoeller@acm.org> Thu, 04 December 2014 09:02 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_8XftUYvORhOBwQ7ysnUbykfo10

Martin Rex <mrex@sap.com>:

> Brian Smith wrote:
> > Recently, it has been shown that it is problematic to put the
> > TLS_FALLBACK_SCSV cipher suite ahead of any real cipher suites in the
> > ClientHello, because doing so causes unintended handshake failures.
>
> This statement is self-contradictory.
>
> The entire and only purpose of this I-D is to cause handshake failures,

No. The *purpose* is to prevent downgrade attacks. Handshake failures
(under certain circumstances) are the *means* towards that purpose.

When the server's highest protocol version doesn't exceed
ClientHello.client_version, this doesn't apply and there's no point in
aborting the handshake, regardless of whether and where TLS_FALLBACK_SCSV
appears. I see no contradiction.

Bodo
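
The server-side rule described in the message above, as an added example that is not part of the original post or of the draft: it parses a ClientHello body, looks for TLS_FALLBACK_SCSV at any position in the cipher suite list, and aborts only when the server's highest version exceeds ClientHello.client_version. The function names and the sample hellos are constructed for illustration; the code point 0x5600 and alert number 86 are the values published in RFC 7507.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # {0x56, 0x00}, as assigned in RFC 7507
ALERT_INAPPROPRIATE_FALLBACK = 86   # fatal alert defined in RFC 7507

def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body,
    i.e. the handshake message without its 4-byte handshake header."""
    if len(body) < 35:                       # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ClientHello")
    client_version = (body[0], body[1])
    off = 34 + 1 + body[34]                  # skip the session_id
    if len(body) < off + 2:
        raise ValueError("missing cipher_suites length")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or len(body) < off + cs_len:
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return client_version, suites

def fallback_decision(body: bytes, server_max: tuple):
    """Apply the rule: the position of the SCSV in the list is irrelevant,
    and it only matters when the server could have negotiated a higher
    version than the one the client offered."""
    client_version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max > client_version:
        return ("abort", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", None)

def build_hello(version: tuple, suites: list) -> bytes:
    """Constructed sample ClientHello body: zero random, empty session_id,
    null compression, no extensions (hypothetical test helper)."""
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + struct.pack("!%dH" % len(suites), *suites)
            + b"\x01\x00")

if __name__ == "__main__":
    TLS10, TLS12 = (3, 1), (3, 3)
    real = [0xC02F, 0x002F]                  # two ordinary cipher suites
    cases = {
        "fallback to 1.0, SCSV first": build_hello(TLS10, [TLS_FALLBACK_SCSV] + real),
        "fallback to 1.0, SCSV last": build_hello(TLS10, real + [TLS_FALLBACK_SCSV]),
        "1.2 hello carrying SCSV": build_hello(TLS12, [TLS_FALLBACK_SCSV] + real),
        "1.0 hello without SCSV": build_hello(TLS10, real),
    }
    for name, hello in cases.items():
        print(name, "->", fallback_decision(hello, server_max=TLS12))
```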