[TLS] Downgrade SCSV info

Martin Thomson <martin.thomson@gmail.com> Tue, 11 November 2014 21:26 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id CD1681A016F for <tls@ietfa.amsl.com>; Tue, 11 Nov 2014 13:26:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZekItCqejvEM for <tls@ietfa.amsl.com>; Tue, 11 Nov 2014 13:26:37 -0800 (PST)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com [IPv6:2a00:1450:4010:c04::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 715751A0019 for <tls@ietf.org>; Tue, 11 Nov 2014 13:26:37 -0800 (PST)
Received: by mail-lb0-f174.google.com with SMTP id p9so5044428lbv.5 for <tls@ietf.org>; Tue, 11 Nov 2014 13:26:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Q1eDxz2y/Rcc/xdyLDxrQmydIjhZZq1GQw44XURZS7M=; b=T3jjxrMubp/ONW64zxNlaUMk+FUjbtLc7JybwW0hhab+e9h+EEAt8Or5s71HNiYHfX Lt2nvUWgvD87Fn1VdQYBki3qerl7fBH1w4WBc47HyFwXIsIUTnEAanDVZJnkjP6qmPvL qCywXzPPv34L6RQYYjz7Kk0gWSYX/Uahw0/pKCdLi66qpuqvRqi0m/kh1nxuslDmd92L TE/++Au+XyYwN+ylx0FmdrHtlgakE97udab3buf7RxRowm7xATX2wjwyc9Uw1bpB8UNl FIt8L+/Sg57vpc3gmOsa67Km0eUWPTRfWkdC7hTjPkjIn+/U5ZbGFQazBafsPabJo6qt PVSQ==
MIME-Version: 1.0
X-Received: by with SMTP id l8mr38710629lae.43.1415741195853; Tue, 11 Nov 2014 13:26:35 -0800 (PST)
Received: by with HTTP; Tue, 11 Nov 2014 13:26:35 -0800 (PST)
Date: Tue, 11 Nov 2014 13:26:35 -0800
Message-ID: <CABkgnnU=NM0pK1O7KdEa9T4nEo8qE3D2K4JPKSt8ShWU72DrVw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>, Rob Trace <Rob.Trace@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dxZRbI-giZOnABzqvKpCeidhXtM
Subject: [TLS] Downgrade SCSV info
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Nov 2014 21:26:38 -0000

I realize that this new information is late, but this is my
understanding of how Internet Explorer implements version fallback.
Rob, please correct me if I'm wrong.

TLS 1.2 (no RC4)
TLS 1.0 (no RC4)
TLS 1.0 (with RC4)

It is my opinion that this is not that large a risk.  We are highly
likely - in my opinion, and based on the numbers we have - to have few
TLS 1.1 servers that are both intolerant to the TLS 1.2 handshake AND
implement the downgrade SCSV.