Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard

Bodo Moeller <> Thu, 22 January 2015 16:59 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B60331ACD2A for <>; Thu, 22 Jan 2015 08:59:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id umwuIFtNh8fM for <>; Thu, 22 Jan 2015 08:59:21 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DBE511ACD2D for <>; Thu, 22 Jan 2015 08:59:19 -0800 (PST)
Received: from ([]) by (mreue004) with ESMTPSA (Nemesis) id 0LfWbl-1XuNYL1wSH-00p6Yq for <>; Thu, 22 Jan 2015 17:59:16 +0100
Received: by with SMTP id ge10so2751429lab.10 for <>; Thu, 22 Jan 2015 08:59:15 -0800 (PST)
MIME-Version: 1.0
X-Received: by with SMTP id g7mr2851572lbc.29.1421945955139; Thu, 22 Jan 2015 08:59:15 -0800 (PST)
Received: by with HTTP; Thu, 22 Jan 2015 08:59:14 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <BAY180-W688DE2930CB7F231E60989FF480@phx.gbl> <> <BAY180-W1849690A1D8C42F1063DDBFF480@phx.gbl> <> <>
Date: Thu, 22 Jan 2015 17:59:14 +0100
Message-ID: <>
From: Bodo Moeller <>
To: "" <>
Content-Type: multipart/alternative; boundary="001a11c39f568bc710050d4097cf"
X-Provags-ID: V03:K0:4AbxnYPNNbw7T/YSZ0CCbQpxoJAqXAenxcNBz6x5v29K3HTsP7S mNPpkEK2JmWX7BIf+WMPOxzX1j6nSW8tOzlaBiGTu1xZ8i/+A4dToiDrJWjTuq7y0o6quvB GWSNWQFOEZT7FA7aYH186tcls3GCLAm9E3rDUZVZAGh10+582Gc2Fids3F5d8xMNLIuiiSF ln2DR79TcvD1q2gdLtr4g==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <>
Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 22 Jan 2015 17:01:17 -0000

Michael Clark <>:

> + SCSV served a purpose of a mitigation while clients downgraded
>   due to version upgrade intolerant servers. It may have served its
>   purpose. Don't downgrade and there is no attack vector

This is certainly true, but note that all the major browsers (including the
current release of Mozilla Firefox) still *do* downgrade. Firefox has plans
to disable the downgrade dance by default, but there'll still be a user
setting for this, and various users may (have to) set this.  Not
downgrading isn't entirely science fiction any more, but it ain't over
until the fat lady sings.

Not having to do downgrade retries is the right goal, but when we have
achieved that, having the SCSV logic dormant in servers is really a minor
low-complexity addition to the protocol that won't do any harm, and may (or
may not) turn out to be useful again in the future.