Re: [TLS] An SCSV to stop TLS fallback.

Ralf Skyper Kaiser <> Sat, 07 December 2013 15:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8D9951AE371 for <>; Sat, 7 Dec 2013 07:14:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id l4kGFZjvKlFz for <>; Sat, 7 Dec 2013 07:14:20 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4001:c03::22f]) by (Postfix) with ESMTP id 11FFC1ADF7A for <>; Sat, 7 Dec 2013 07:14:19 -0800 (PST)
Received: by with SMTP id x13so3395154ief.20 for <>; Sat, 07 Dec 2013 07:14:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KdRBx4n4ETH74PJW/477s/kBpPVvBZB9PvjlejVfzfs=; b=PVPL9UEJ/gDxIh6zDE2D+0QY7xN3WyIAaTrHtb4zDd/6szQZGYmqDflR4wtV+t+gUn OuagFFi6F4x3TGUcJzjnC8ztEO/lMcaeM25DFON/09hhPhMjZpKAIRhDnHcThGL3G4M3 +zgp3061zDsGhIu7Rc81XFJLpNIlix2K0U4xU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=KdRBx4n4ETH74PJW/477s/kBpPVvBZB9PvjlejVfzfs=; b=EMWQMtuyyI7JhpQFD+YZhr6w9dnhXCg//TMT2LlzXe5A5Xyg/f2qzhJ2DCXN6x5jZd 4LUtxRa9m/5zb0wOGlPm6enn37rkOYspbXuKQFHt5oU5x3ojUpxetf2eOGPZ1erNQUd0 fADgIUhq+5RDYrqokTCmnynR0jnc8ufDMCa8iFmxfXvgRZ7lWbwcelLRoCEZ9xubWYqy 17xLh2cdPDwbbD2Tyk70/TG7p6sbWXTCe+8/A7+UZK7UlRt+8LXcgOgxgGWhGh+Im4/8 PqAcYnqFB0h1JvwekJWG5dezP+TB9uUSdti1rFduRikeUh4LmkOdjI/MER3OzJxoYa86 rDgA==
X-Gm-Message-State: ALoCoQmxTOwZwbEyb2CaFucEIMUnovcdJ8dsCENs8roORlyAdT9M8BNGGvqB88ja2tXiF7lIKnvH
MIME-Version: 1.0
X-Received: by with SMTP id qc9mr7069059igb.11.1386429255926; Sat, 07 Dec 2013 07:14:15 -0800 (PST)
Received: by with HTTP; Sat, 7 Dec 2013 07:14:15 -0800 (PST)
X-Originating-IP: []
In-Reply-To: <>
References: <> <> <> <> <> <>
Date: Sat, 7 Dec 2013 15:14:15 +0000
Message-ID: <>
From: Ralf Skyper Kaiser <>
To: Yaron Sheffer <>
Content-Type: multipart/alternative; boundary=089e01229ed84e5cbb04ecf337bc
Cc: "" <>
Subject: Re: [TLS] An SCSV to stop TLS fallback.
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 07 Dec 2013 15:14:21 -0000


On Sat, Dec 7, 2013 at 3:02 PM, Yaron Sheffer <> wrote:

> Hi Ralf,
> No, AFAIU the problem does not exist for cert pinning, because there is
> protocol involved. Specifically, the server sends out HTTP headers to
> indicate the pinning and its lifetime. So (for example) you can start by
> changing the certs on all cluster members and only afterwards enable
> pinning on all of them.

This feature could be optional and a server admin could decide to use this
feature (e.g. to advertise TLS Version pinning and CIpher-suite pinning).

A server-cluster can opt-out to use the feature.

I'm not yet giving up hope to also find a solution that makes this feature
available to server-clusters. It could be a technical solution or a
management/process solution.

> Re: cipher-suites, if I'm using ECDHE it doesn't mean that I want future
> DHE connections to fail. It is absolutely legitimate to change t
> setting he server's software for some reason, and to thereby also change
> the list of supported ciphersuites. I don't think we can ever reach
> consensus on weak vs. strong cipher-suites on this mailing list, and such
> consensus would be needed to standardize such a solution.

Sadly can we not make up our mind which ciphers are strong or weak and we
always shift this responsibility to the server-admin. We have done so in
the past and solving this now would be out-of-scope for the proposed
TLS-version/Cipher-suite pinning discussion.

> Thanks,
>         Yaron