IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Fri, 26 September 2014 19:09 UTC

Return-Path: <SRS0=QEdY=6T=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A1BF1A1A28 for <tls@ietfa.amsl.com>; Fri, 26 Sep 2014 12:09:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.714
X-Spam-Level:
X-Spam-Status: No, score=-1.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9HBSVNhki1pp for <tls@ietfa.amsl.com>; Fri, 26 Sep 2014 12:09:43 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 209331A1A0B for <tls@ietf.org>; Fri, 26 Sep 2014 12:09:43 -0700 (PDT)
Received: from mail-qa0-f41.google.com (mail-qa0-f41.google.com [209.85.216.41]) by mrelayeu.kundenserver.de (node=mreue103) with ESMTP (Nemesis) id 0LyBrp-1YIUwD3QZh-015cST; Fri, 26 Sep 2014 21:09:41 +0200
Received: by mail-qa0-f41.google.com with SMTP id cm18so6591609qab.28 for <tls@ietf.org>; Fri, 26 Sep 2014 12:09:38 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.140.19.178 with SMTP id 47mr25230655qgh.28.1411758578540; Fri, 26 Sep 2014 12:09:38 -0700 (PDT)
Received: by 10.140.156.5 with HTTP; Fri, 26 Sep 2014 12:09:38 -0700 (PDT)
In-Reply-To: <4362f4b71cb44ebd80629d52dd791437@BL2PR03MB419.namprd03.prod.outlook.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <e2ae0847d4ef49c48fe972adead9bbcc@BL2PR03MB419.namprd03.prod.outlook.com> <CAMfhd9UQ1wHFMJpLcxX6o3YDcLn_Az_vy7PfB9QUwyjHrrPaJQ@mail.gmail.com> <ceda19c3fdee4b488cff118d34f44afe@BL2PR03MB419.namprd03.prod.outlook.com> <CAMfhd9XuPBQ1ohNO1Yj1TTQdMCnDg-uUrtvwWA=q74D2gSOPVA@mail.gmail.com> <4362f4b71cb44ebd80629d52dd791437@BL2PR03MB419.namprd03.prod.outlook.com>
Date: Fri, 26 Sep 2014 21:09:38 +0200
Message-ID: <CADMpkcLZa0P_Zd-MAhJnBsguX-AWSzSSKq0LR-6r+CpaS-X0mQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: multipart/alternative; boundary="001a1134f6f8952dfe0503fca808"
X-Provags-ID: V02:K0:vLRvrQrGQyzXJIjaqMtYCBYwzFU8QPeZDV0/7p1SLgx D4QaPLkx5GsEHSi5t/shAgwR4vpw/mWSZWn+0fPYORRXfkCPwP xqKMKP1Av6uUxfu46SgZSJ1voADEQ8Y3PsbxVG+eDTnWfs3uro y1vldMj/HIUUUalUz7BSy8b7DmhGzkne11vdrre6ADuKUpNC/a 6q8T1mmVSAbcqvIBQFXtCh8AmPlzJAYu/Edpfl7EH/Obxu2ZTw jOyxUMNd5RhGdIS7MN9u3W4aPt2e0f0LuHab1WIK2exH802ngM ozTUGLaiN9qGWRgl/Qewadyu0rY1CozvCnFW+v78+AsCBHDiBn oLhRSnbbL+IBYDagloSEDZoh/B3CblRRJmL5dgQcf6hGHZFTxv iWZibi8HbSB93V3jy8Bu2LWypqKqJDf7a+GAxDltQjwRm0ehGN BvRQP
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/alOeX7ZvmE3rkda9-xag6Nv__sc
Cc: Adam Langley <agl@imperialviolet.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2014 19:09:44 -0000

Andrei Popov <Andrei.Popov@microsoft.com>:


> In any case, the client app has a workaround (which is to not send the
> downgrade SCSV when skipping TLS versions).


Well, that could sometimes be acceptable. Or do send the downgrade SCSV for
the version that you want to skip just to confirm that it's this server's
highest supported protocol, and then just use the previous version instead
(in a new connection). There's an extra latency penalty in this, but I
consider this version-skipping scenario very unlikely and we haven't ever
bothered to address this in standard version negotiation either (the client
can't send a list of supported protocol versions) and so have a similar
latency penalty there, so I don't think we should consider this a serious
drawback.

This workaround is far from perfect, but I can live with the current
> downgrade-scsv draft if I have to. In this case, the fix is pretty trivial,
> so I thought it was worth bringing this up.


You mean, version-specific SCSVs? I'd rather not do that, because then
there's much more to do (and possibly get wrong) in servers. And even if we
allocate a bunch of SCSVs for future protocol versions, at some point we
might run out.


(As an aside, if latency is the utmost concern, you don't strictly have to
try protocol versions in sequence -- you could do multiple connections in
parallel. However, that shouldn't be the norm. We *do* have version
negotiation in the protocol, after all. We shouldn't forget that the entire
fallback business is about servers that aren't just up to date with the
latest protocol version, but are exceptionally broken on top of that.)

Bodo

v2.43.4 | Report a Bug | By Email | System Status