[TLS] Black hole was Re: Analysis of Interop scenarios TLS extension RI w/MCSV

"tom.petch" <cfinss@dial.pipex.com> Sun, 13 December 2009 10:53 UTC

Return-Path: <cfinss@dial.pipex.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5A8F33A65A5 for <tls@core3.amsl.com>; Sun, 13 Dec 2009 02:53:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.26
X-Spam-Level:
X-Spam-Status: No, score=-0.26 tagged_above=-999 required=5 tests=[AWL=-1.163, BAYES_20=-0.74, RCVD_IN_NJABL_PROXY=1.643]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-acT+e9USpM for <tls@core3.amsl.com>; Sun, 13 Dec 2009 02:53:30 -0800 (PST)
Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by core3.amsl.com (Postfix) with ESMTP id 6013B3A677C for <tls@ietf.org>; Sun, 13 Dec 2009 02:53:30 -0800 (PST)
X-Trace: 166404387/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/62.188.17.226/None/cfinss@dial.pipex.com
X-SBRS: None
X-RemoteIP: 62.188.17.226
X-IP-MAIL-FROM: cfinss@dial.pipex.com
X-SMTP-AUTH:
X-MUA: Microsoft Outlook Express 6.00.2800.1106Produced By Microsoft MimeOLE V6.00.2800.1106
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlUFANNWJEs+vBHi/2dsb2JhbACCeyqFOYhqwCsKhCEE
X-IronPort-AV: E=Sophos;i="4.47,390,1257120000"; d="scan'208";a="166404387"
X-IP-Direction: IN
Received: from 1cust226.tnt1.lnd3.gbr.da.uu.net (HELO allison) ([62.188.17.226]) by smtp.pipex.tiscali.co.uk with SMTP; 13 Dec 2009 10:53:14 +0000
Message-ID: <001801ca7bda$3492bfc0$0601a8c0@allison>
From: "tom.petch" <cfinss@dial.pipex.com>
To: Marsh Ray <marsh@extendedsubset.com>, tls@ietf.org
References: <200912110208.nBB28SIT024876@fs4113.wdf.sap.corp><4B21BFF5.2020909@jacaranda.org> <4B227458.9080007@extendedsubset.com>
Date: Sun, 13 Dec 2009 10:43:00 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Subject: [TLS] Black hole was Re: Analysis of Interop scenarios TLS extension RI w/MCSV
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "tom.petch" <cfinss@dial.pipex.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2009 10:53:31 -0000

----- Original Message -----
From: "Marsh Ray" <marsh@extendedsubset.com>
To: "David-Sarah Hopwood" <david-sarah@jacaranda.org>; <tls@ietf.org>
Sent: Friday, December 11, 2009 5:33 PM
Subject: Re: [TLS] Analysis of Interop scenarios TLS extension RI w/MCSV

> David-Sarah Hopwood wrote:
> >
> > Why? What is the point of allowing the client to send an empty extension,
> > when a patched client MUST send the MSCV, and a patched server MUST use
> > *only* the MSCV to determine whether the client is patched? You'd just be
> > adding the option to send an extension that has no defined meaning.
>
> I would like for the decisions we make today to allow the MCSV hack to
> be retired at some point in the future. MCSV represents extra complexity
> that we added as a concession for interoperability with obsolete and
> out-of-spec systems. We all have to make compromises in life and
> protocol design, but it is better to do it in such a way that they
> eventually pass into history rather than build up over time.
>
> Today there are many clients which never interoperate with
> extensions-intolerant servers. If at all possible, these should have the
> option of not sending the MCSV hack from the beginning.

I was going to say that that logic leads me to conclude that we
should not send the empty extension either.  In a future version -
someone suggested 3.7 :-) - the binding of renegotiation to negotiation is
built in to the protocol and so no signalling - no MCSV, no RI, -
nothing extra is needed in ClientHello.

But while any server not supporting that version would fall back to TLS
1.somethingLess (which is the patched protocol we are now developping)
and would signal in whatever way we now decide that is supports the patch,
it would still need to know that this client with a version number it has
never heard of also supports the patch, so the client will have to go
on signalling in perpetuity.  In effect, we are digging ourselves a black
hole.

There is a solution.  We should require, as part of this patch, that upgraded
stacks treat a version number that is greater than some specified value as
also being a signal that the peer is upgraded.  Then we will be able to drop
the MCSV and/or RI as a signal from the '3.7' ClientHello. But we do need
to include this now.

Tom Petch

> - Marsh