Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
Watson Ladd <watsonbladd@gmail.com> Tue, 28 January 2014 06:14 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93801A019D for <tls@ietfa.amsl.com>; Mon, 27 Jan 2014 22:14:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUtHoxDFlgTT for <tls@ietfa.amsl.com>; Mon, 27 Jan 2014 22:14:36 -0800 (PST)
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com [IPv6:2a00:1450:400c:c00::230]) by ietfa.amsl.com (Postfix) with ESMTP id BA79D1A0197 for <tls@ietf.org>; Mon, 27 Jan 2014 22:14:35 -0800 (PST)
Received: by mail-wg0-f48.google.com with SMTP id x13so6853957wgg.15 for <tls@ietf.org>; Mon, 27 Jan 2014 22:14:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=ZXQTilRlOezhEy9RnkSR5WXxOBg/yiIhNMoPW+LKGOY=; b=hAqDlgQJ69utrWJjyI54c6h1f9c8bAzXBZ86+j/jkGTCd6mczh57LEfGa0nSeloOMo 2Hba+W62uvtMx/YJ5cRUJLUhoIjA69FjnKkMfdtysPguqfsYt4XLZBiZ0bEar3vrDzCT fzafUAZYImxzFONjJAEhAQffSk0xO1J3dZwbQUzrbLPeRJcr1Fie1di+PVJSgjg5y1A0 qHg5nTDCQw4/Cihz/asU9s/e5FxtiQDHfvarW9ey0EcLryg/yPZIp7y/UFYO5ZWFwIpO UyN7BeTbM6csLBT7qtnfJ0KWZ8Y1VneQcwanj9xAoQpvmRwhGbN4wViy4EeYcOUWYQnh nyfw==
MIME-Version: 1.0
X-Received: by 10.180.79.7 with SMTP id f7mr827092wix.20.1390889672816; Mon, 27 Jan 2014 22:14:32 -0800 (PST)
Received: by 10.194.250.101 with HTTP; Mon, 27 Jan 2014 22:14:32 -0800 (PST)
In-Reply-To: <20140128024632.F2A8A1ABC9@ld9781.wdf.sap.corp>
References: <CACsn0ckJvRkdsHY9uFzPDh9ceLgc+56KDxRZhMVN_Js7BF=RkQ@mail.gmail.com> <20140128024632.F2A8A1ABC9@ld9781.wdf.sap.corp>
Date: Mon, 27 Jan 2014 22:14:32 -0800
Message-ID: <CACsn0ck9L0gEDgp3-T2b3-xqLnN0k5wDEMhnnZBwaRuLrBp=2g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: mrex@sap.com, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2014 06:14:37 -0000
On Mon, Jan 27, 2014 at 6:46 PM, Martin Rex <mrex@sap.com> wrote: > Watson Ladd wrote: >> "Martin Rex" <mrex@sap.com> wrote: >> > >> > Which server implementers are eager to send such a fatal alert as >> > is contained in this proposal anyway? I will certainly ensure that >> > our server implementation will NEVER grow such silly behaviour. >> >> Let me get this straight: all SAP applications will be vulnerable to >> downgrades even when clients are fixed because that behavior is "silly". > > Nope. We do not implement reconnect fallbacks, so none of our stuff > is downgradable. > > There might be defective browsers who will needlessly downgrade > to insecure behaviour or suggest end users to not use HTTPS at all, > but that is a defect of those browsers, not of our server. So let me get this straight: Because none of your clients ever need to implement reconnects and none of your servers are ever connected to by clients that do, this proposal is a problem for you because...? You can always not implement it. I'm much more inclined to take seriously the complaints from folks who actually have to live with the proposal. So far the Firefox and Chrome folks have supported this proposal. The servers probably will support it: I think I can do PolarSSL without too much trouble, and someone far more skilled then me in arcana can do OpenSSL. > > >> >> I'm sure your clients will be happy to hear how seriously SAP takes >> security. > > We do take security very seriously. But we also take robustness, > support and performance very seriously, but the reconnect fallback > approach is neither robust, nor supportable and a royal PITA for > performance. Yes it is. But the browser folks disagree: being able to connect to a small minority of broken servers is worth the pain for them. > > How many TLS clients beyond a negligible small amount of browsers > is doing the reconnect fallbacks anyway? How many POP/IMAP/SMTP/LDAP > clients and programmatic HTTPS clients is doing reconnect fallbacks? If they aren't doing fallbacks, then this doesn't affect them. This is a much easier change (bail out if you think you can support TLS 1.2) then your proposal. > > > I refuse to blame the apps folks that they will have to jump hoops > to workaround the botched TLS feature negotiation, rather than fixing > the TLS feature negotiation within the TLS protocol itself. Dead hands. Our ability to redo the negotiation at this point is about nil. I've got no idea why it was done this way Hopefully with TLS 1.3 we won't screw it up even further: perhaps TLS 1.2.1 is a better name. The apps folks can always refuse to support servers that can't negotiate properly. Or we can make TLS APIs and libraries that handle the uglyness of reconnection for the apps. > > -Martin -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [TLS] Call for acceptance of draft-moeller-tls-do… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Rob Stradling
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Thomson
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Ben Laurie
- Re: [TLS] Call for acceptance of draft-moeller-tl… Kurt Roeckx
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Salz, Rich
- Re: [TLS] Call for acceptance of draft-moeller-tl… Geoffrey Keating
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Daniel Kahn Gillmor
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bill Frantz
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettesen
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Michael D'Errico
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Moeller
- Re: [TLS] Call for acceptance of draft-moeller-tl… t.petch
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yoav Nir
- Re: [TLS] Call for acceptance of draft-moeller-tl… Andrei Popov
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Watson Ladd
- Re: [TLS] Call for acceptance of draft-moeller-tl… Adam Langley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Martin Rex
- Re: [TLS] Call for acceptance of draft-moeller-tl… Joseph Salowey (jsalowey)
- Re: [TLS] Call for acceptance of draft-moeller-tl… Russ Housley
- Re: [TLS] Call for acceptance of draft-moeller-tl… Marsh Ray
- Re: [TLS] Call for acceptance of draft-moeller-tl… Eric Rescorla
- Re: [TLS] Call for acceptance of draft-moeller-tl… Bodo Möller
- Re: [TLS] Call for acceptance of draft-moeller-tl… Yngve N. Pettersen