Re: [TLS] Next steps for draft-ietf-tls-renegotiation
Eric Rescorla <ekr@networkresonance.com> Mon, 30 November 2009 21:05 UTC
Return-Path: <ekr@networkresonance.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0DAF03A689A for <tls@core3.amsl.com>; Mon, 30 Nov 2009 13:05:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.061
X-Spam-Level:
X-Spam-Status: No, score=0.061 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PcYN0n35UbFz for <tls@core3.amsl.com>; Mon, 30 Nov 2009 13:04:59 -0800 (PST)
Received: from kilo.networkresonance.com (74-95-2-169-SFBA.hfc.comcastbusiness.net [74.95.2.169]) by core3.amsl.com (Postfix) with ESMTP id 379133A6894 for <tls@ietf.org>; Mon, 30 Nov 2009 13:04:59 -0800 (PST)
Received: from kilo.local (localhost [127.0.0.1]) by kilo.networkresonance.com (Postfix) with ESMTP id D8EA76C3EE1; Mon, 30 Nov 2009 13:05:55 -0800 (PST)
Date: Mon, 30 Nov 2009 13:05:54 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
In-Reply-To: <20091130170745.GH773@Sun.COM>
References: <808FD6E27AD4884E94820BC333B2DB774F3118C3CA@NOK-EUMSG-01.mgdnok.nokia.com> <20091130170745.GH773@Sun.COM>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20091130210555.D8EA76C3EE1@kilo.networkresonance.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Next steps for draft-ietf-tls-renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2009 21:05:00 -0000
At Mon, 30 Nov 2009 11:07:45 -0600, Nicolas Williams wrote: > > On Fri, Nov 27, 2009 at 11:26:34PM +0100, Pasi.Eronen@nokia.com wrote: > > <wearing Area Director hat> > > > > I have asked the secretariat to start IETF Last Call for > > draft-rescorla-tls-renegotiation-01. > > > > I've gone through the list archives for the past month, and it seems a > > large majority of the WG members support the overall approach in this > > draft (with a small, but very vocal, minority preferring a totally > > extension-less approach to signalling). > > I don't think that's a fair nor complete characterization of the current > differences of opinion. A more complete and correct characterization > might be: > > - The RI proposal has a fail-unsafe requirement that peers check the > contents of the extensions sent. > > NOTE: A fix for this wouldn't require an extension-less signalling > solution. > > [IMO: This is serious objection that goes beyond protocol design > aesthetics or ease of retrofitting for SSLv3. I think we can > live without a fix for this problem, but I'd much rather have a > fail-safe solution.] I don't really agree that this is a serious objection. As I said earlier, the security of TLS requires that the peer behave correctly in a variety of unobservable ways. If it doesn't, we have far more serious security problems than this (in particular, in order for the failure you're concerned about to occur, this failure requires *both* sides to be incorrectly implemented, whereas there are plenty of issues that can be created by merely one side being incorrect). Moreover, there *are* implementation errors where the various proposed alternative signalling mechanisms can go wrong as well, as our discussion over the past few days indicates. So I can't even agree with the characterization of this issue as "fail-safe" versus "fail-unsafe". Rather, each solution is subject to different kinds of implementation screwups. I don't find the argument that the screwups you can make with RI are somehow easier to be particularly convincing. Moreover, if you're really concerned about TLS being safe in the face of implementation errors, you should worry about designing mechanisms that are safe in the face of PRNG failure, seeing as we've seen at least two such errors in live TLS stacks. -Ekr
- [TLS] Next steps for draft-ietf-tls-renegotiation Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Bodo Moeller
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Steve Dispensa
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Stefan Santesson
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… David-Sarah Hopwood
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Michael D'Errico
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Nicolas Williams
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Ben Laurie
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Martin Rex
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Eric Rescorla
- [TLS] draft-renego "even after previous handshake… Marsh Ray
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Yoav Nir
- Re: [TLS] Next steps for draft-ietf-tls-renegotia… Pasi.Eronen