Re: [TLS] 2nd WGLC: draft-ietf-tls-downgrade-scsv

Brian Smith <brian@briansmith.org> Thu, 04 December 2014 03:03 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AAED1A1B95 for <tls@ietfa.amsl.com>; Wed, 3 Dec 2014 19:03:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOdrvWZJcTR7 for <tls@ietfa.amsl.com>; Wed, 3 Dec 2014 19:03:32 -0800 (PST)
Received: from mail-oi0-f41.google.com (mail-oi0-f41.google.com [209.85.218.41]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60C911A000B for <tls@ietf.org>; Wed, 3 Dec 2014 19:03:32 -0800 (PST)
Received: by mail-oi0-f41.google.com with SMTP id a3so11936521oib.0 for <tls@ietf.org>; Wed, 03 Dec 2014 19:03:31 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=PO5HI8pOIVx+cvpYPXeV8XGoBF0ol/N4HXjraND9GVY=; b=b3zrfM7lD9Q4JmaSlhSMOhJiOILHb712HIVoVA5dP7fs784Eq4e+bamLMCQOItOMws S5MPKosPrg1Eqj726rAvV6P7e8IR3L8++To9zx68lLVuvHB9Gh7kFCEQkzp8O0HMcVLj hTWtiwu+0S62rGRuF7j4xcGJpCCB+CHdyatTLnRQNN6PC2AtZRElcizBi4s812bXLJ9I 6Xq3SltXS7KUXnxsKUwMxV5IJc3sEL7h3jo+5+d986kNk65fbXOzZuEbte1ue5zgQ+sv 9sRKjWLbX+oLZSyyhU0tJ5r6DiUrUUnxS4Ub4bTlIu4qW2crpem2/RUV60wGO2MiipIC ALVQ==
X-Gm-Message-State: ALoCoQnzVYlTs0tqQqfLt5uF6zFrMoypGG9HlWI6pvOSX/dhtvTjM7CZQRikbbN2Qp/HnZjDV9lG
MIME-Version: 1.0
X-Received: by 10.182.205.164 with SMTP id lh4mr5159554obc.5.1417662211750; Wed, 03 Dec 2014 19:03:31 -0800 (PST)
Received: by 10.76.19.144 with HTTP; Wed, 3 Dec 2014 19:03:31 -0800 (PST)
In-Reply-To: <20141204021647.F06351B03D@ld9781.wdf.sap.corp>
References: <CAFewVt5XrE_qc7ejqW3Zwa-qfvzBksZevsytt6e3G4CaQTiQeA@mail.gmail.com> <20141204021647.F06351B03D@ld9781.wdf.sap.corp>
Date: Wed, 03 Dec 2014 19:03:31 -0800
Message-ID: <CAFewVt6FfK=w0b2+ZxKPXzCgzRa-oj2UgtwGTiGY2nKoS5csGA@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: mrex@sap.com
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/jVsknDRSZ-1Ro53Gs-qmIDUajac
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] 2nd WGLC: draft-ietf-tls-downgrade-scsv
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Dec 2014 03:03:34 -0000

Martin Rex <mrex@sap.com> wrote:
> Brian Smith wrote:
>> Sean Turner <turners@ieca.com> wrote:
>>> This message initiates the 2nd WGLC for draft-ietf-tls-downgrade-scsv-02.
>>> Please review the document and send your comments to the list by Friday,
>>> December 12, 2014.
>>
>> The text in the draft should be changed to read something like
>> "Clients SHOULD put the TLS_FALLBACK_SCSV after all cipher suites that
>> the client actually intends to negotiate."
>
> That is silly.

This suggestion is based on implementation experience, known
interoperability issues, and testing that has been already reported on
this list and on the openssl-dev list.

> I don't think there is such a weird recommendation in rfc5746.

Apparently, there is not yet evidence that RFC5746 has similar problems.

>> Recently, it has been shown that it is problematic to put the
>> TLS_FALLBACK_SCSV cipher suite ahead of any real cipher suites in the
>> ClientHello, because doing so causes unintended handshake failures.
>
> This statement is self-contradictory.
>
> The entire and only purpose of this I-D is to cause handshake failures,

That is true, but *only* in a specific set of circumstances. The
problem is that handshake failures occur in other circumstances where
the draft does not prescribe a failure.

Cheers,
Brian