Re: [TLS] Minutes from Tuesday
Bodo Moeller <bmoeller@acm.org> Tue, 21 October 2014 16:19 UTC
Return-Path: <SRS0=D4s1=7M=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0E611A890F for <tls@ietfa.amsl.com>; Tue, 21 Oct 2014 09:19:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ACzmwasFtP3 for <tls@ietfa.amsl.com>; Tue, 21 Oct 2014 09:19:55 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4917F1A8904 for <tls@ietf.org>; Tue, 21 Oct 2014 09:19:55 -0700 (PDT)
Received: from mail-yh0-f50.google.com (mail-yh0-f50.google.com [209.85.213.50]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0LeyNP-1YTkcJ3GVL-00ql3H; Tue, 21 Oct 2014 18:19:53 +0200
Received: by mail-yh0-f50.google.com with SMTP id a41so1734142yho.37 for <tls@ietf.org>; Tue, 21 Oct 2014 09:19:51 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.229.164 with SMTP id h34mr4380741yhq.199.1413908391567; Tue, 21 Oct 2014 09:19:51 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Tue, 21 Oct 2014 09:19:51 -0700 (PDT)
In-Reply-To: <20141021150536.DA17C1AEFE@ld9781.wdf.sap.corp>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C4AA6@USMBX1.msg.corp.akamai.com> <20141021150536.DA17C1AEFE@ld9781.wdf.sap.corp>
Date: Tue, 21 Oct 2014 18:19:51 +0200
Message-ID: <CADMpkc+E7fPcLJPiH5g96aNDBsYu-jChkaps58z27P4z8SvvgQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c1db2a6ca9c40505f13310"
X-Provags-ID: V02:K0:TxcrrPUdYcWe4bcozobDtII8+I1GnBhm+uzuw363HfN JdWS6ynPJsTse79xMtJue0zOJUVXQt0kwpTayXbRS6IIwy4EBP XjCpQj5px30mI4bjgsZLzvSfdUBYSp9O7QyDWtajZ8ardDDk4p iaHrrueH27oXQ8BVXNGZEj4ehEAa0TrrQITd3Mt7GpZ5aaEb/w o+NCy/T5t5yIkfcR8omV+ReIsA2wlpRrkhRf2knPp69YpOvwMc oADhXhY+mwSpqFwPafHm3svKFuR0diNhY+7fdptdxJWDU17FDg UoapyfLhAldwjp4Im+za+W6Zdb3ULTwpH8KL3KFD9pkXyu9rw8 /8W69nYKvqr21U+AURHbYWZw/zlRlUxpD2HUssShtc8LLx9Q+5 Di0znowUaQTZsJX0tUxSgRXDb1dBrIsPagRPFh5COlsT3/xcWp /KhtK
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/fsiuvA-a33DoeVu5ZCL4DcxQM6Y
Subject: Re: [TLS] Minutes from Tuesday
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2014 16:19:57 -0000
Martin Rex <mrex@sap.com>: > Rather than aborthing the TLS handshake, the server ought to include > a TLS extension in the ServerHello indicating that he recognized a > potentially inappropriate fallback and otherwise continue the TLS handshake > in the regular fashion, leaving the decision of whether&how to continue > entirely up to those clients who do perform insecure fallbacks. > That would work too, but the server would then be doing all the work to send a ServerKeyExchange even if the client is going to abort the connection. This would also allow clients (browsers probably) to gather real data > on potentially incorrect fallbacks, [...] And it would then be a decision of the (fallback-performing) clients > whether and when to start hard-failing, once they've sorted out their > connection management and figured out how to deal with false positives > in their fallback heuristics. > Well, even just having to fall back to make the connection work indicates that something is wrong -- that's not a generally expected way of establishing a TLS connection. (Clients can gather some statistics without sending TLS_FALLBACK_SCSV if they want to use the connection regardless.) It seems that the response mechanism that you propose would allow the server to confirm to that client that the server noticed that the client noticed that something is wrong. What would really be gained by that, compared to what the current TLS_FALLBACK_SCSV protocol offers? Bodo
- Re: [TLS] Minutes from Tuesday Martin Rex
- [TLS] Minutes from Tuesday Salz, Rich
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Marsh Ray
- Re: [TLS] Minutes from Tuesday Adam Langley
- Re: [TLS] Minutes from Tuesday Salz, Rich
- Re: [TLS] Minutes from Tuesday Florian Weimer
- Re: [TLS] Minutes from Tuesday Martin Rex
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Martin Rex
- Re: [TLS] Minutes from Tuesday Manuel Pégourié-Gonnard
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Martin Rex
- Re: [TLS] Minutes from Tuesday Bodo Moeller
- Re: [TLS] Minutes from Tuesday Brian Smith