IETF Logo Mail Archive

Re: [TLS] supported_versions in TLS 1.2

"Salz, Rich" <rsalz@akamai.com> Sat, 20 November 2021 14:17 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA8573A0907 for <tls@ietfa.amsl.com>; Sat, 20 Nov 2021 06:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usxahYGyTIml for <tls@ietfa.amsl.com>; Sat, 20 Nov 2021 06:17:47 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E5563A08FC for <tls@ietf.org>; Sat, 20 Nov 2021 06:17:47 -0800 (PST)
Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1AKDg252026289; Sat, 20 Nov 2021 14:17:39 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=h79/DoaM7PP+gO/2Jxau2z77x1eRyzPXG/syHa+fgCg=; b=U7HSAlNITKDR9MiAMCjOdTNNnbFjOlwiI+skuT4Iaqhm++jZAm8ZknzRLTRw7sfd3hUW hipamY1eFeSk1Qzgn2aoQmIkGVGbyYWcLeOpRd3PGmuq3XyJjDcQetRB1va70KfLekHt RWSKW4tEHi1gA2En1ABksZrJrmdnQ+1gYQNUoGLbuz86OESGlxPL+043d7H9NSV+v4Uu 7TIXlLv3v5JPt2jiOHvxnRxXT7Sx57zotmV5rJUoo/rNaH6NrBOR2Elk9Krw7eaUmJ/t 8GHPVXiD6hx+ng3S/ERv2s3iHiu62HlinU7rs5tbVOiD3NZiCT3D3RrLr4qGlHgJIQ7P 8g==
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3cet0xb2wb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 20 Nov 2021 14:17:39 +0000
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 1AKE5gEs014651; Sat, 20 Nov 2021 06:17:38 -0800
Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint5.akamai.com with ESMTP id 3ceyvfr6ra-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 20 Nov 2021 06:17:38 -0800
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Sat, 20 Nov 2021 09:15:08 -0500
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1497.024; Sat, 20 Nov 2021 09:15:08 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: David Benjamin <davidben@chromium.org>, Peter Saint-Andre <stpeter@mozilla.com>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] supported_versions in TLS 1.2
Thread-Index: AQHX2v/H88LoLug+MEei5EmqZdKsgKwGnwgAgAAI3ICAAAU6gIAA9rsAgAAiO4CAA+NBAIAAB3oAgADLPAA=
Date: Sat, 20 Nov 2021 14:15:08 +0000
Message-ID: <5289476D-ADAA-4049-8300-5D67BA20314A@akamai.com>
References: <cba86b0d-5100-05c0-e7d6-8cbe6abc0c92@mozilla.com> <20211116164248.7ed2ee00@computer> <31aab4dd-46d6-d62b-0116-c7e6cc307b85@mozilla.com> <CAF8qwaCJeGAWhX8RoDGuU54M6OP70ZqK6MqF_kaiGq0b50eJ_w@mail.gmail.com> <SY4PR01MB6251973DFBF3D3535FE3CEFAEE9A9@SY4PR01MB6251.ausprd01.prod.outlook.com> <5C1F59E5-EB9F-4888-BF1B-DE26B4B99CD1@akamai.com> <1d249bd4-6774-1235-f875-08ae526f8c2f@mozilla.com> <CAF8qwaBfG2K8EDy3VGFy_PF1bkVEFtj+x7euzZea2_r72Rnm-g@mail.gmail.com>
In-Reply-To: <CAF8qwaBfG2K8EDy3VGFy_PF1bkVEFtj+x7euzZea2_r72Rnm-g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.55.21111400
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_5289476DADAA404983005D67BA20314Aakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-11-20_03:2021-11-17, 2021-11-20 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 bulkscore=0 suspectscore=0 spamscore=0 adultscore=0 malwarescore=0 phishscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111200091
X-Proofpoint-GUID: je48jTMfGyIQzICi2g699nkr_76dDvYw
X-Proofpoint-ORIG-GUID: je48jTMfGyIQzICi2g699nkr_76dDvYw
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-20_03,2021-11-17_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1015 lowpriorityscore=0 bulkscore=0 suspectscore=0 spamscore=0 phishscore=0 adultscore=0 impostorscore=0 mlxlogscore=999 priorityscore=1501 mlxscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111200093
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nj6ObCEyHtpWhQ4uNLYmRSFuMpA>
Subject: Re: [TLS] supported_versions in TLS 1.2
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Nov 2021 14:17:53 -0000

Peter has forgotten more about long-term embedded applications than the rest of us have experience. I’ll leave it to him to say why it’s important.

From: David Benjamin <davidben@chromium.org>
Date: Friday, November 19, 2021 at 4:08 PM
To: Peter Saint-Andre <stpeter@mozilla.com>
Cc: Rich Salz <rsalz@akamai.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] supported_versions in TLS 1.2

I think that's right. There's not much benefit to adding supported_versions to a TLS-1.2-only stack. We introduced it in TLS 1.3 because of compatibility issues and because it was more flexible and less prone to compatibility issues going forward. The forward-looking benefits don't really apply here (TLS 1.2 has already been updated as TLS 1.3), and TLS 1.2 version intolerance was (painstakingly) cleared out already. (To that end, I'd suggest changing Section 3.1.3 of rfc7525bis. The old insecure version fallbacks are no more.)

There's nothing wrong with implementing supported_versions in TLS 1.2. It's, in fact, one of the steps in implementing TLS 1.3. It's just not very useful beyond that. Thus, in a document of recommendations for TLS 1.2 operators, there's no need to include it. (Note the absence of a recommendation doesn't mean we recommend against it.)

On Fri, Nov 19, 2021 at 3:41 PM Peter Saint-Andre <stpeter@mozilla.com<mailto:stpeter@mozilla.com>> wrote:
Hi Rich,

On 11/17/21 7:18 AM, Salz, Rich wrote:
> Peter has said it more colorfully than I have:
>
>>     Not necessarily.  Since TLS 1.3 has forked TLS into two protocols, 1.0-1.2 and
>      1.3 (lets call them TLS family A and TLS family B), there are a large number
>      of users who will be sticking with the TLS A rather than TLS B family for an
>
> But he is right. At least Amazon, CloudFlare, and Facebook have had implementations of TLS 1.3 that handed off the connection to "legacy code" if it was an earlier version.  (Of course, I don't know if they still do that.)
>
> To repeat myself from yesterday:  "I agree that if you have supported_versions than you probably also have a 1.3-capable stack.  But it is also possible to have the first without the second." And to be more direct: the draft SHOULD separate those two cases.

I think 7525bis does separate the two cases. To me the question is
whether we achieve anything by that a 1.2-only stack should implement
the "supported_versions" extension. Here's my reasoning (please do
correct me if I'm wrong)...

With regard to a TLS 1.2-only client, by my reading RFC 8446 says:

- if the client does not send the supported_versions extension then a
server that supports both 1.2 and 1.3 will negotiate 1.2

- if the client does not send the supported_versions extension then
presumably the value of that extension and of the legacy_version field
will both be set to 0x0303, in which case again a server that supports
both 1.2 and 1.3 will negotiate 1.2

Ergo: why should a 1.2-only client add support for the
supported_versions extension?

With regard to a TLS 1.2-only server, by my reading RFC 8446 says:

- if the server receives the supported_versions extension and it
supports the extension, it will only negotiate 1.2 because it doesn't
support 1.3

- if the server receives the supported_versions extension (say, from a
1.3 client) but doesn't support the extension, then it will negotiate 1.2

Ergo: why should a 1.2-only server add support for the
supported_versions extension?

Am I missing something?

Peter

v2.23.0 | Report a Bug | By Email