[TLS] One approach to rollback protection

Eric Rescorla <ekr@rtfm.com> Mon, 26 September 2011 23:42 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB2D41F0CAB for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 16:42:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.909
X-Spam-Level:
X-Spam-Status: No, score=-102.909 tagged_above=-999 required=5 tests=[AWL=0.068, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPw6LxuD1Ik0 for <tls@ietfa.amsl.com>; Mon, 26 Sep 2011 16:42:15 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id F2B121F0CA6 for <tls@ietf.org>; Mon, 26 Sep 2011 16:42:14 -0700 (PDT)
Received: by wyh21 with SMTP id 21so4804841wyh.31 for <tls@ietf.org>; Mon, 26 Sep 2011 16:44:58 -0700 (PDT)
Received: by 10.227.165.202 with SMTP id j10mr49128wby.18.1317080698182; Mon, 26 Sep 2011 16:44:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.151.205 with HTTP; Mon, 26 Sep 2011 16:44:18 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 26 Sep 2011 16:44:18 -0700
Message-ID: <CABcZeBNFtVBh7a=j4LE73Q0c-W8KGe4aKNBVZam1qOZr=aRaRQ@mail.gmail.com>
To: tls@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: [TLS] One approach to rollback protection
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2011 23:42:15 -0000

I've been doing some thinking about how to prevent rollback to
TLS 1.0/SSLv3 from TLS 1.1-capable agents.

Since there's very little deployment of TLS 1.1+, basically anything
we do now will roll out more or less in parallel with TLS 1.1 deployment,
as long as it's backward compatible.The obvious technique here is to
stuff the relevant indicator in the cipher suites list, since we know that
servers ignore unknown entries there.

I've taken an initial crack at a draft for this:
http://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-version-cs.txt

-Ekr