Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Mon, 27 October 2014 14:53 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/d_KD4oSvEXQlfxS_pq-zm9bZstQ

Andrey Jivsov <crypto@brainhub.org>:

> To be even more specific, let's simplify the above a bit:
>
>        TLS1.2: X, Y

[...]

> If you accept that this is allowed on the server, for the purpose of the
> draft what's the server's maximum protocol version?
>

Very clearly it is TLS 1.2, but I'll make it clearer in the next version of
the I-D to avoid any ambiguity.

Note that in fallback retries, clients might omit cipher suites (that don't
work with the older protocol version).  We don't want the server to try
to be clever then and say "Well, this Client Hello doesn't look a fallback
after all because I only support these ciphers with older protocols".



> [...] However, this results in odd behaviour when the server is required
> to fail fallback handshakes with versions that are more secure than it
> could negotiate if TLS_FALLBACK_SCSV was not present.
>

Maybe so, but I can live with that: this is not an arbitrary restriction,
but it follows from rules that serve the purpose they are designed for, and
it does not affect servers that follow the TLS specification.

Bodo
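
The server-side check discussed in this message, as an added example that is not part of the original e-mail or of the draft's text. It assumes the rule from draft-ietf-tls-downgrade-scsv (TLS_FALLBACK_SCSV is {0x56, 0x00}; the alert is inappropriate_fallback, 86); the function names and the sample ClientHello bodies are constructed for illustration. The decision uses only the server's highest supported protocol version and never looks at which cipher suites the retry still offers.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600        # cipher suite value {0x56, 0x00}
INAPPROPRIATE_FALLBACK = 86       # alert description from the draft
PROTOCOL_VERSION = 70             # alert: no mutually supported version
TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303

def parse_client_hello(body: bytes):
    """Return (client_version, [cipher suite values]) from a ClientHello body."""
    (version,) = struct.unpack_from("!H", body, 0)
    off = 2 + 32                              # skip client_version and random
    off += 1 + body[off]                      # skip session_id
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites

def fallback_decision(body: bytes, server_versions):
    """Return ('alert', code) or ('continue', negotiated_version)."""
    client_version, suites = parse_client_hello(body)
    # The maximum is a property of the server's protocol support alone.
    # It is not narrowed by the suites present in this ClientHello.
    server_max = max(server_versions)
    if TLS_FALLBACK_SCSV in suites and server_max > client_version:
        return ("alert", INAPPROPRIATE_FALLBACK)
    usable = [v for v in server_versions if v <= client_version]
    if not usable:
        return ("alert", PROTOCOL_VERSION)
    return ("continue", max(usable))

def make_hello(version, suites):
    """Build a constructed ClientHello body (zero random, empty session_id)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")

SERVER_VERSIONS = (TLS10, TLS11, TLS12)

# Constructed fallback retry: the client dropped its TLS 1.2-only suite
# (0x009C) and offers only 0x002F plus the SCSV at TLS 1.1.
RETRY = make_hello(TLS11, [0x002F, TLS_FALLBACK_SCSV])
# Constructed first attempt at the server's highest version.
FIRST = make_hello(TLS12, [0x009C, 0x002F, TLS_FALLBACK_SCSV])

if __name__ == "__main__":
    print(fallback_decision(RETRY, SERVER_VERSIONS))
    print(fallback_decision(FIRST, SERVER_VERSIONS))
```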