Re: [TLS] Prohibiting SSL 3.0

Dave Garrett <davemgarrett@gmail.com> Fri, 31 October 2014 09:02 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/r9HyAkJW43BDhok7mbBDaBV9PVU

Martin Rex wrote:
> [...] TLS is not designed to provide protection from [...]

This is not a useful debate. What SSL/TLS was designed to do last millennium is irrelevant. We have new threat models now and have to adapt our expectations of security protocols to deal with them.

https://www.youtube.com/watch?v=MiU42KI1GUw#t=110s

There's no point in arguing about SSL3 at this point. Even if it's theoretically safe with various mitigations within a narrow use-case, very few people trust it anymore. It's archaic and long since deprecated. TLS 1.0 is obsolete for that matter. If security is the actual goal here, it really should be TLS 1.2 or bust by now. The only reason any of these old versions are supported is an unwillingness/incapability of vendors to properly coordinate upgrades and deprecations. It took a decade and a half and POODLE to get anybody to jointly axe SSL3. We should take it as good that we can move slightly into the future and move on.

I'd like to see a draft for prohibiting TLS 1.0 on the queue next. If we've learned one thing recently, it's that you shouldn't wait until the last possible moment to get rid of old protocols. We shouldn't be expecting old versions to be maintained properly with all necessary mitigations that are required, nor should we be surprised when they inevitably have some long-standing flaw that eventually gets discovered.


-- Dave