Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Florian Weimer <fweimer@redhat.com> Thu, 16 October 2014 09:03 UTC

Return-Path: <fweimer@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81B7E1A1AE0 for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 02:03:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qacLbrvlEPD for <tls@ietfa.amsl.com>; Thu, 16 Oct 2014 02:03:06 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 960721A1AB6 for <tls@ietf.org>; Thu, 16 Oct 2014 02:03:06 -0700 (PDT)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s9G932lW030155 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 16 Oct 2014 05:03:02 -0400
Received: from oldenburg.str.redhat.com (oldenburg.str.redhat.com [10.33.200.60]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s9G930bU029449 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 16 Oct 2014 05:03:02 -0400
Message-ID: <543F89C4.3020303@redhat.com>
Date: Thu, 16 Oct 2014 11:03:00 +0200
From: Florian Weimer <fweimer@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: Bodo Moeller <bmoeller@acm.org>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <543E95AE.1030300@redhat.com> <CADMpkcLDgsR9D5xk75iXjZJLMyZPtGEEGF70fadBb4_aEKOPsw@mail.gmail.com>
In-Reply-To: <CADMpkcLDgsR9D5xk75iXjZJLMyZPtGEEGF70fadBb4_aEKOPsw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/h1v5_djnc0rVAuVS5myxWAEXLWQ
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 09:03:08 -0000

On 10/15/2014 08:09 PM, Bodo Moeller wrote:
> "Florian Weimer" <fweimer@redhat.com <mailto:fweimer@redhat.com>>:
>
>  > One more issue: The draft is silent on how to respond to an
> inappropriate_fallback alert.
>
> No, it is expressly a fatal alert. What else do you think would need to
> be said?

If it were that clear, we wouldn't need this new SCSV at all because 
browsers would never have performed fallback in response to fatal alerts.

So far I've come up with the following questions:

Should the client continue to retry with lower TLS versions once it 
receives an inappropriate_fallback alert?

Should it retry without the SCSV?  I guess you mean "no way!", but this 
is only implicit.

-- 
Florian Weimer / Red Hat Product Security