Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard

Bodo Moeller <bmoeller@acm.org> Thu, 22 January 2015 16:59 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/dkRvYr4VOV-Z8tWOtU2P3jGzwGU>

Michael Clark <michael@metaparadigm.com>:


> + SCSV served a purpose of a mitigation while clients downgraded
>   due to version upgrade intolerant servers. It may have served its
>   purpose. Don't downgrade and there is no attack vector


This is certainly true, but note that all the major browsers (including the
current release of Mozilla Firefox) still *do* downgrade. Firefox has plans
to disable the downgrade dance by default, but there'll still be a user
setting for this, and various users may (have to) set this.  Not
downgrading isn't entirely science fiction any more, but it ain't over
until the fat lady sings.

Not having to do downgrade retries is the right goal, but when we have
achieved that, having the SCSV logic dormant in servers is really a minor
low-complexity addition to the protocol that won't do any harm, and may (or
may not) turn out to be useful again in the future.

Bodo
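
The server-side SCSV check the message calls a low-complexity addition, as an added example that is not part of the original message or of any TLS implementation: it parses a ClientHello body and applies the draft's rule (TLS_FALLBACK_SCSV present and client_version below the server's highest version means a fatal inappropriate_fallback alert). The function names, the sample messages and the server maximum of TLS 1.2 are assumptions made for the illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # cipher suite value {0x56, 0x00}
ALERT_INAPPROPRIATE_FALLBACK = 86  # alert description defined with the SCSV
SERVER_MAX_VERSION = (3, 3)        # assumption: this server tops out at TLS 1.2


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    if len(body) < 35:             # version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    off = 35 + body[34]            # skip the variable-length session_id
    if off + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites


def check_fallback(body: bytes, server_max=SERVER_MAX_VERSION):
    """Return the alert to send, or None to continue the handshake."""
    version, suites = parse_client_hello(body)
    # The SCSV marks a retry at a lowered version. If the server could have
    # negotiated something higher, the earlier attempt should not have failed.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ALERT_INAPPROPRIATE_FALLBACK
    return None


def build_hello(version, suites):
    """Constructed sample ClientHello body (zero random, empty session_id)."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


if __name__ == "__main__":
    cases = {
        "TLS 1.0 retry with SCSV": build_hello((3, 1), [0xC02F, 0x5600]),
        "TLS 1.2 hello with SCSV": build_hello((3, 3), [0xC02F, 0x5600]),
        "TLS 1.0 hello, no SCSV": build_hello((3, 1), [0x002F]),
    }
    for name, hello in cases.items():
        print(name, "->", check_fallback(hello))
```

A client that never performs downgrade retries never sends the SCSV, so the check stays dormant for it; a genuinely old client that offers TLS 1.0 without the SCSV is also unaffected.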