Re: [TLS] "Spec Compliance" and the older TLS protocols
Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 06 March 2017 08:41 UTC
Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CF7C12946C for <tls@ietfa.amsl.com>; Mon, 6 Mar 2017 00:41:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.923
X-Spam-Level:
X-Spam-Status: No, score=-6.923 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXuPTOSg1fUK for <tls@ietfa.amsl.com>; Mon, 6 Mar 2017 00:41:17 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEC5D129465 for <tls@ietf.org>; Mon, 6 Mar 2017 00:41:17 -0800 (PST)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8F1D1C02C017; Mon, 6 Mar 2017 08:41:18 +0000 (UTC)
Received: from dhcp-10-40-1-102.brq.redhat.com ([10.40.3.156]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v268fGZs026259 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 6 Mar 2017 03:41:17 -0500
Message-ID: <1488789676.3078.5.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Bradford Wetmore <bradford.wetmore@oracle.com>, tls@ietf.org
Date: Mon, 06 Mar 2017 09:41:16 +0100
In-Reply-To: <85c7a8fe-6963-ebbf-f600-49e88477ac26@oracle.com>
References: <85c7a8fe-6963-ebbf-f600-49e88477ac26@oracle.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Mon, 06 Mar 2017 08:41:18 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cDprlKvYytQw-tRQaUeo9hE3t7o>
Subject: Re: [TLS] "Spec Compliance" and the older TLS protocols
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2017 08:41:19 -0000
On Fri, 2017-03-03 at 15:32 -0800, Bradford Wetmore wrote: > An interpretation question for our older RFCs, in particular TLSv1 > [RFC2246] and TLSv1.1 [RFC4346] in the context of recent > developments > [SWEET32]. > > In particular, likely for minimal interoperability reasons, specific > 3DES-based ciphersuites must be implemented in TLS: > > TLS 1.0 > > In the absence of an application profile standard specifying > otherwise, a TLS compliant application MUST implement the cipher > suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA. > > TLS 1.1 > > In the absence of an application profile standard specifying > otherwise, a TLS compliant application MUST implement the cipher > suite TLS_RSA_WITH_3DES_EDE_CBC_SHA. I do not think the TLS 1.0 MUST requirement for a mandatory ciphersuite was ever implemented at the time TLS 1.0 was the latest protocol. None of the browsers of the time supported TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA. TLS 1.1 was modified to reflect the actual situation as you see above. > So, strictly speaking from a RFC point of view (not practical or > security POV, those are different questions), what do these "MUST > implement" statements mean in order for an implementation to still > be > considered "spec-compliant" in the post-SWEET32 era. 1-2 above? 1- > 3? > [RFC2119] isn't clear on whether 3 would be ok. Spec compliance at the time of TLS 1.0 and TLS 1.1 was interoperation with the available browsers and servers. The spec itself didn't result to guaranteed interoperability. regards, Nikos
- [TLS] "Spec Compliance" and the older TLS protoco… Bradford Wetmore
- Re: [TLS] "Spec Compliance" and the older TLS pro… Martin Thomson
- Re: [TLS] "Spec Compliance" and the older TLS pro… Yoav Nir
- Re: [TLS] "Spec Compliance" and the older TLS pro… Nikos Mavrogiannopoulos