Re: [TLS] History of extensions

Martin Rex <mrex@sap.com> Sun, 15 November 2009 02:13 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 133213A67F9 for <tls@core3.amsl.com>; Sat, 14 Nov 2009 18:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.021
X-Spam-Level:
X-Spam-Status: No, score=-6.021 tagged_above=-999 required=5 tests=[AWL=-0.087, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xZLZZZ-wU-x6 for <tls@core3.amsl.com>; Sat, 14 Nov 2009 18:13:29 -0800 (PST)
Received: from smtpde03.sap-ag.de (smtpde03.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id BE59F3A67F1 for <tls@ietf.org>; Sat, 14 Nov 2009 18:13:28 -0800 (PST)
Received: from mail.sap.corp by smtpde03.sap-ag.de (26) with ESMTP id nAF2DwGQ022812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 15 Nov 2009 03:13:58 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <200911150213.nAF2DvaU019042@fs4113.wdf.sap.corp>
To: ekr@networkresonance.com
Date: Sun, 15 Nov 2009 03:13:57 +0100
In-Reply-To: <20091114164244.70D5D69F6AA@kilo.networkresonance.com> from "Eric Rescorla" at Nov 14, 9 06:42:44 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: tls@ietf.org, Nicolas.Williams@sun.com
Subject: Re: [TLS] History of extensions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2009 02:13:30 -0000

Eric Rescorla wrote:
> > 
> > IIUC the arguments about SSLv3, there's an installed base of SSLv3 and
> > TLS 1.0-with-bugs that is more likely to get patched to fix this and
> > only this than to get upgraded t TLS 1.1+ or to have all their bugs
> > patched.  I'm not sure that that's true.  IF it is true, then we have to
> > consider the possibility of designing the fix so that it's easier to
> > patch those.
> 
> As I said, clients offer extensions already and know how to fall
> back to not using extensions. I don't see that there is a problem
> here.

There are still millions of Web Browsers in use out there that
do not contain a fallback reconnect at the application level.
MSIE 6 comes to mind (I use it on 4 different machines).

A fix that only changes a small amount of code in schannel.dll is
probably easy.  But you're suggesting that MSIE6 needs to be enhanced
with a fallback reconnect in order to allow the TLS renego patch to
be applied without impairing connectivity/interoperability of MSIE6
with a part of the installed base.

That sounds like poor engineering to me.

We can fix this entirely in TLS in a highly interoperable fashion
by using and existing protocol element in the ClientHello handshake
message rather than a relatively new optional feature like TLS
extensions that has demonstrated to cause significant interop problems.


Personally I would not mind if in 6 months my Browser would start
to warn me if I'm connecting to an unpatched server.  But in order
to do that, we MUST have a negotiation which will determine this
reliably through ServerHello.  Making assumptions why a connection
was simply closed by the server (silently or with a fatal alert)
will NOT provide this information.  The TLS extension RI is unable
to provide this information, and that is a significant shortcoming.


-Martin


-Martin