IETF Logo Mail Archive

Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

David Benjamin <davidben@chromium.org> Tue, 14 May 2019 16:32 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EA0212008B for <tls@ietfa.amsl.com>; Tue, 14 May 2019 09:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.508
X-Spam-Level:
X-Spam-Status: No, score=-9.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJQIqKLjCa7y for <tls@ietfa.amsl.com>; Tue, 14 May 2019 09:32:41 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEF2E120044 for <tls@ietf.org>; Tue, 14 May 2019 09:32:41 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id m32so16690240qtf.0 for <tls@ietf.org>; Tue, 14 May 2019 09:32:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6SbL0Bx/r6e0sSytXVYkPF+AlYEWQivYSMEUpfIYhg0=; b=aWiTRN8BBH2VgX/Hl5egdvqnvCkBbFLlsI+1zf8BLQYU02RnObtehsCD8suPvgzkJJ wsozWC+pbJN3oQKXu2PDbUaMQVqVHisCnsSEHKPdxIGuf6DFEJSbF47X+w/HMeqhXPXA ABboZa1ulOlsZEsUCo314Rk+2c3+GnO9frBgs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6SbL0Bx/r6e0sSytXVYkPF+AlYEWQivYSMEUpfIYhg0=; b=baTimfHDK+5/A/UjiN9PC+JCZiFJ5Qrr5LZanipI6lGX6vfguX9ZzWK9tYDSD5fzac MxOI5JABAKguAb/3VZIsnaSTcKTXBwqnnzi9s82EnvXRSilWPtST0tLZG3n1chs0V7QJ qZ1iim5fo2QPfrpAybz2Joy1XqGFrocB3P+f+MozFsaKiuGQ9uEys8JhB7026xX9y6CV V7rE59G8zlUxH3fbgwLu+NvF/sWTsREIKcFbBhAt064CHznadGlpiC6gl2EqpvPJFVP4 UnZYHar6xcj8x3qRgHbKVjgigmilFRwEc2sYsD+d4VfS8HhlbOWjFRwY6tngaKJKYHNY Brfw==
X-Gm-Message-State: APjAAAUE/WmpjE7A4QesnRZtA/IqEMfqwT2fE0dAWLbFwqYUOWE18fEJ FXas1xTfzrpsuA5CZb6zRV17yrK+AUeNhG9aPlIS
X-Google-Smtp-Source: APXvYqy6s7rTix4ivAM0sUAMKcu0v6R4fnmxUnm6Bq2pMXc2jApCGO35hH44jDjI4xQ1c9x5jXvfh1t1OJM79TVJJGI=
X-Received: by 2002:a0c:fd67:: with SMTP id k7mr28140809qvs.152.1557851560602; Tue, 14 May 2019 09:32:40 -0700 (PDT)
MIME-Version: 1.0
References: <28511b10-8f6a-4394-95a9-5188130f7b58@www.fastmail.com> <14984380.sTCEapK0kV@pintsize.usersys.redhat.com> <20190509222449.9C553404C@ld9781.wdf.sap.corp> <29960808.K0e8lGuAtk@pintsize.usersys.redhat.com> <20190514145249.C6DDB404C@ld9781.wdf.sap.corp>
In-Reply-To: <20190514145249.C6DDB404C@ld9781.wdf.sap.corp>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 14 May 2019 12:32:23 -0400
Message-ID: <CAF8qwaAZi1MJDWHyOzokPD2MSQGZnuk7J5SAEQbt+Yi9TC6wvw@mail.gmail.com>
To: mrex@sap.com
Cc: Hubert Kario <hkario@redhat.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e25ab50588db94d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hdorspzC-VV5CkpMzvrhkZoApjU>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 May 2019 16:32:45 -0000

>
> > which exact piece of popular software actually still does that?
> > It ain't curl, it ain't Chrome, it ain't Firefox.
>
> It definitely was implemented in Chrome and Firefox, which is how this
> poor document got onto standards track:
>
>    https://tools.ietf.org/html/rfc7507
>
>  TLS Fallback Signaling Cipher Suite Value (SCSV)
>     for Preventing Protocol Downgrade Attacks
>
> >
> > It also isn't something done automatically
> > by any TLS implementation that's even remotely popular:
> > OpenSSL, NSS, GnuTLS, schannel, Secure Transport, go...
>
> It is impossible to do this transparently, because the a connection
> is ususable after a fatal TLS hanshake failure (or unexpected socket
> closure).
>
> Any application-level cleartext negotiation will have to be repeated
> as well, and the TLS implementation typically does not know about it.
> (such as HTTP CONNECT or STARTTLS)
>
> The POODLE paper
>    https://www.openssl.org/~bodo/ssl-poodle.pdf
>
> asserts that many clients doing downgrade dances exist, and at the
> time of publication, this includes Mozilla Firefox, Google Chrome and
> Microsoft Internet Explorer.
>

Chrome has not done a downgrade dance for over three years now (Chrome 50,
released in April 2016), even for TLS 1.3. Indeed much of the fuss around
TLS 1.3 was so clients could avoid repeating this mess.

David

v2.23.0 | Report a Bug | By Email