IETF Logo Mail Archive

Re: [TLS] Working Group Last Call fordraft-ietf-tls-downgrade-scsv-00

Rob Stradling <rob.stradling@comodo.com> Tue, 21 October 2014 09:58 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2570C1A00A3 for <tls@ietfa.amsl.com>; Tue, 21 Oct 2014 02:58:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.29
X-Spam-Level:
X-Spam-Status: No, score=-1.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqMUJRfgSGO3 for <tls@ietfa.amsl.com>; Tue, 21 Oct 2014 02:58:04 -0700 (PDT)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB2B01A0242 for <tls@ietf.org>; Tue, 21 Oct 2014 02:58:03 -0700 (PDT)
Received: (qmail 12500 invoked by uid 1000); 21 Oct 2014 09:58:00 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Tue, 21 Oct 2014 10:58:00 +0100
Message-ID: <54462E27.30607@comodo.com>
Date: Tue, 21 Oct 2014 10:57:59 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Brian Smith <brian@briansmith.org>, Martin Thomson <martin.thomson@gmail.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com><5438CFEA.7000401@brainhub.org> <543E9435.8000905@redhat.com><2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9C9@USMBX1.msg.corp.akamai.com><543E9C9F.5050104@redhat.com><2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9D5@USMBX1.msg.corp.akamai.com><543E9FFA.5030102@redhat.com><CADMpkcLnOh3HGD+urWuo6fPfkX4WfGhwckE0jg5jS2KqD2RuMQ@mail.gmail.com><CABkgnnWuCwOGBXG2RdetwPFn4KtVPygSBWG5qkme1mvNst6n+A@mail.gmail.com><543F9893.806@redhat.com> <543FA0A0.1030205@polarssl.org><543FCAED.50502@redhat.com> <543FCC90.7020408@polarssl.org><1413468247.17221.8.camel@dhcp-2-127.brq.redhat.com><CADMpkcLf+p5J600gueqzKec4nKuo78Xrr-auW+fyapuqM13Z4w@mail.gmail.com><1413805668.2597.10.camel@dhcp-2-127.brq.redhat.com><CABkgnnVzzzLMCcMrUs0QcH1A+RBCgr3qM7bFW339oL7sg2mfqw@mail.gmail.com> <CAFewVt6Khb4CCK4TbyG-D2oO1z=MrwuWSGgwhT98CRMaZ9iM0A@mail.gmail.com>
In-Reply-To: <CAFewVt6Khb4CCK4TbyG-D2oO1z=MrwuWSGgwhT98CRMaZ9iM0A@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/kz7xfekvz_-ltBP157HUNWmkD6E
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call fordraft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2014 09:58:07 -0000

On 20/10/14 18:30, Brian Smith wrote:
> On Mon, Oct 20, 2014 at 4:53 AM, Martin Thomson wrote:
<snip>
>     I think that we should do that, but as a practical matter, I suspect
>     that we'll be stuck with some amount of fallback for a while yet.  I
>     find the TLS 1.3 intolerance numbers pretty alarming in this regard;
>     even with rapid improvement, I doubt it will go away quickly.
>
> That's why the version negotiation mechanism for TLS 1.3 should be
> different. We've already made the mistake 3 times of trying to use
> ClientHello.client_version to negotiate versions and 3 times we've
> learned that it has terrible compatibility issues. Why keep repeating
> that same mistake? By negotiating TLS 1.3 with a new extension, and
> keeping ClientHello.client_version = TLS 1.2 for TLS 1.3, you avoid the
> compatibility costs without losing anything.

How about negotiating TLS 1.3 using yet another new SCSV?

Yes, I know, that'd be even more of a hack than negotiating TLS 1.3 with 
a new extension.  But since server-side support for extensions is 
optional, and since there are servers out there that are 
extension-intolerant, I figured I should at least suggest the idea.  ;-)

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

v2.23.0 | Report a Bug | By Email