Re: [TLS] SCSV versioning

Bodo Moeller <bmoeller@acm.org> Fri, 27 February 2015 01:32 UTC

To: Geoffrey Keating <geoffk@geoffk.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/k7BuaEVJ9P1Un9bdAQTAvEkIoN0>
Cc: "tls@ietf.org" <tls@ietf.org>

>
> I believe it's the same thing I mentioned last year, in
>
> http://www.ietf.org/mail-archive/web/tls/current/msg11208.html
>
> The implicit assumption made by the SCSV is that all new servers
> (supporting the SCSV) will not have bugs requiring a fallback.  As
> soon as that first server appears which supports SCSV but requires
> fallback, this SCSV can't be used.


This would affect fallback handshakes from *future* protocol versions to
TLS 1.2, as we've seen that it's not a problem in practice when falling
back from TLS 1.2 to earlier versions. So it could mean that clients that
want to maintain interoperability with servers that can't handle their TLS
1.3 handshake attempts might not want to send TLS_FALLBACK_SCSV in fallback
handshake Client Hello messages announcing TLS 1.2. (The document's
Security Considerations cover this, by the way.) I don't see how it could
be a reason to not use the SCSV when falling back to a version below TLS
1.2.

Bodo
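
The following sketch is an added illustration, not part of the original message or of any TLS implementation. It models the server-side TLS_FALLBACK_SCSV check and a client fallback loop, and compares sending the SCSV on every fallback retry with sending it only when the retry announces a version below TLS 1.2. The `Server` class, the `chokes_on` bug model, the `scsv_when_announcing_below` policy knob, and the use of 0x0304 as a TLS 1.3 `client_version` are assumptions made for the example.

```python
# Added illustration: models version negotiation only, not a real TLS stack.
TLS_FALLBACK_SCSV = 0x5600       # signaling cipher suite value {0x56, 0x00}
INAPPROPRIATE_FALLBACK = 86      # fatal alert sent when a fallback is rejected
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304  # 0x0304 assumed

class Server:
    """Hypothetical server: highest supported version, SCSV support, and a
    set of ClientHello versions on which a bug makes the handshake fail."""
    def __init__(self, max_version, honors_scsv=True, chokes_on=()):
        self.max_version = max_version
        self.honors_scsv = honors_scsv
        self.chokes_on = set(chokes_on)

    def hello(self, client_version, cipher_suites):
        if client_version in self.chokes_on:
            return ("failure", None)          # modelled bug: handshake dies
        # SCSV check: client fell back, yet the server could do better.
        if (self.honors_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and self.max_version > client_version):
            return ("alert", INAPPROPRIATE_FALLBACK)
        return ("ok", min(client_version, self.max_version))

def connect(server, client_versions, scsv_when_announcing_below):
    """Try versions from highest to lowest. On a retry, add the SCSV only if
    the announced version is below the (constructed) policy threshold."""
    suites = [0xC02F]   # sample suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    highest = max(client_versions)
    for version in sorted(client_versions, reverse=True):
        offered = list(suites)
        if version < highest and version < scsv_when_announcing_below:
            offered.append(TLS_FALLBACK_SCSV)
        status, detail = server.hello(version, offered)
        if status == "ok":
            return ("ok", detail)
        if status == "alert":
            return ("aborted", detail)  # fatal alert: no further fallback
    return ("failed", None)
```

With a threshold of `TLS13` the client sends the SCSV on every retry and cannot reach a server that supports the SCSV but fails its TLS 1.3 attempt; with a threshold of `TLS12` that server is reachable at TLS 1.2, while retries announcing TLS 1.1 or lower still trigger the alert.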