[TLS] [Fwd: Re: What's the right version number in the PreMasterSecret for renegotiation]

Michael D'Errico <mike-list@pobox.com> Wed, 25 April 2012 20:31 UTC

Nasko asked that I forward this message to the list.  Apologies
if you've already received it.

Mike
--- Begin Message ---
On Fri, Apr 20, 2012 at 11:42:47AM -0700, Michael D'Errico wrote:
> While it would be good for clients to do this correctly, I've seen
> many people argue that checking the version embedded inside an RSA
> premaster secret serves no purpose other than to cause more failed
> handshakes.  Version rollback protection is redundant since the
> Finished messages also catch tampering.

I'm with Michael on this. I've discussed this privately with a few
people a few months ago, and the consensus seems to be that from a
security perspective it is not needed anymore, with one caveat: no
SSLv2 fallback allowed.

The premaster version check was added to prevent the downgrade to SSLv2,
so if SSLv2 is disabled, there is very little use of the value in current
TLS implementations.
 
> So, yes, please fix any problems you find w.r.t. encoding the version
> in the RSA premaster secret, but also consider turning off checking
> in your servers (or make it configurable, disabled by default).

It is best to be configurable, with the default off.

--
Nasko Oskov
"A hacker does for love what others would not do for money."


--- End Message ---
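As an added illustration of the field under discussion (not code from either poster), the snippet below builds an RSA premaster secret per RFC 5246 section 7.4.7.1 and shows a server that makes the version check configurable, default off, as the thread recommends. When the check is on and fails, the server follows the RFC and continues with a random premaster rather than alerting, so the handshake fails at the Finished messages instead of leaking an oracle. Function and variable names are my own.

```python
import os

PREMASTER_LEN = 48  # 2-byte version + 46 random bytes


def build_rsa_premaster(client_version, rng=os.urandom):
    """Client side: the first two bytes MUST be ClientHello.client_version
    (the highest version the client offered, not the negotiated one)."""
    major, minor = client_version
    return bytes((major, minor)) + rng(PREMASTER_LEN - 2)


def process_rsa_premaster(decrypted, client_hello_version,
                          check_version=False, rng=os.urandom):
    """Server side, after RSA decryption of ClientKeyExchange.

    Returns (premaster, note). Per RFC 5246 7.4.7.1 the server MUST NOT
    send an alert when decryption or the version check fails; it keeps
    going with a random premaster so the failure surfaces only at
    Finished. check_version defaults to off, as suggested in the thread.
    """
    if decrypted is None or len(decrypted) != PREMASTER_LEN:
        return rng(PREMASTER_LEN), "malformed: substituted random premaster"
    if check_version:
        got = (decrypted[0], decrypted[1])
        if got != client_hello_version:
            return rng(PREMASTER_LEN), (
                f"version mismatch {got} != {client_hello_version}: "
                "substituted random premaster")
    return decrypted, "ok"


if __name__ == "__main__":
    # Constructed scenario: client offered TLS 1.2 (3,3), server picked
    # TLS 1.0 (3,1), and a buggy client wrote the *negotiated* version.
    offered, negotiated = (3, 3), (3, 1)
    buggy_pm = build_rsa_premaster(negotiated)
    for strict in (True, False):
        pm, note = process_rsa_premaster(buggy_pm, offered, check_version=strict)
        outcome = "handshake will fail at Finished" if pm != buggy_pm else "proceeds"
        print(f"check_version={strict}: {note} -> {outcome}")
```

With the check disabled the buggy client still interoperates; with it enabled the server silently desynchronises the keys and the client sees a bad Finished.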