Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Watson Ladd <watsonbladd@gmail.com> Sun, 28 December 2014 18:55 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dcMECk9hdA1FqmBqVrhXif_8PMY

On Sun, Dec 28, 2014 at 11:44 AM, Kurt Roeckx <kurt@roeckx.be> wrote:
> On Sun, Dec 28, 2014 at 03:43:41PM +0100, Hauke Mehrtens wrote:
>> Hi,
>>
>> as even OpenSSL 0.9.8 sends such ClientHellos in the default settings, I
>> think TLS 1.3 should support the following:
>>
>> 1. TLS 1.3 Clients must only negotiate TLS 1.0 or up. I think with the
>> Poodle attack most servers and clients already deactivated SSL v3
>> support. This is draft-ietf-tls-sslv3-diediedie-00.
>> 2. A TLS 1.3 Client must not send a SSL v2 or SSL v3 ClientHello. This
>> is draft-ietf-tls-sslv3-diediedie-00.
>> 2. A TLS 1.3 server may or should accept a SSL V2 and V3 compatible
>> ClientHello, but not negotiate these protocol versions.
>
> Maybe some people would like to see that TLS 1.3 should never be
> set up using an SSLv2 compatible client hello.

I am really confused as to what the proposed v2 compatible, TLS 1.3
hello would look like. TLS 1.3 demands extension support, and the
SSLv2 and v3 protocols do not support extensions.  We've already seen
bugs and workarounds (padding extensions) resulting from continued
support of SSLv2.

There is a working version negotiation mechanism in TLS 1.0 and above
which doesn't have these issues. We should use it: a tiny handful of
old clients don't matter.

Sincerely,
Watson Ladd
>
>
> Kurt



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
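
The framing difference discussed in the message above, as an added example that is not part of the original post or of any TLS implementation: a server-side classifier that tells an SSLv2-format ClientHello from a TLS record-layer ClientHello and reports whether the framing can carry extensions. Field layouts follow RFC 5246 (Appendix E.2 for the v2-format hello); the function names and sample bytes are constructed for illustration, and the ClientHello is assumed to fit in a single record.

```python
import struct

def tls_extension_types(body: bytes) -> list:
    """Walk a ClientHello body (after the 4-byte handshake header); return extension types."""
    pos = 2 + 32                                        # client_version + random
    pos += 1 + body[pos]                                # session_id
    pos += 2 + struct.unpack_from(">H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # compression_methods
    types = []
    if pos < len(body):                                 # optional extensions block
        end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from(">HH", body, pos)
            types.append(ext_type)
            pos += 4 + ext_len
    return types

def classify_client_hello(data: bytes) -> dict:
    """Classify the first flight of a connection by its hello framing."""
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 15-bit length, msg_type, version, three length fields.
        msg_len = struct.unpack_from(">H", data)[0] & 0x7FFF
        major, minor, cs_len, sid_len, ch_len = struct.unpack_from(">BBHHH", data, 3)
        # Cipher specs, session id and challenge account for every remaining byte.
        accounted = 9 + cs_len + sid_len + ch_len
        return {"format": "sslv2-compatible", "version": (major, minor),
                "extensions": None, "fully_accounted": accounted == msg_len == len(data) - 2}
    if len(data) >= 9 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        rec_len = struct.unpack_from(">H", data, 3)[0]
        body = data[9:5 + rec_len]                      # skip record + handshake headers
        return {"format": "tls-record", "version": (body[0], body[1]),
                "extensions": tls_extension_types(body)}
    return {"format": "unknown", "version": None, "extensions": None}

# Constructed sample inputs (not captured traffic).
V2_HELLO = (struct.pack(">HBBBHHH", 0x8000 | 28, 1, 3, 1, 3, 0, 16)
            + b"\x00\x00\x2f" + bytes(16))              # one cipher spec, 16-byte challenge
_EXT = struct.pack(">HH", 0, 4) + b"test"               # extension type 0, placeholder payload
_BODY = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", 2) + b"\x00\x2f"
         + b"\x01\x00" + struct.pack(">H", len(_EXT)) + _EXT)
TLS_HELLO = (b"\x16\x03\x01" + struct.pack(">H", len(_BODY) + 4)
             + b"\x01" + len(_BODY).to_bytes(3, "big") + _BODY)

if __name__ == "__main__":
    print(classify_client_hello(V2_HELLO))
    print(classify_client_hello(TLS_HELLO))
```

In the result, `extensions: None` means the framing has no extensions field at all, while an empty list means a TLS-format hello that sent none. Truncated input raises `IndexError` or `struct.error`, which a caller should treat as a rejected hello.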