IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Mon, 20 October 2014 12:40 UTC

Return-Path: <SRS0=BZpw=7L=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B6D21A870F for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 05:40:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.938
X-Spam-Level:
X-Spam-Status: No, score=-0.938 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oen2Z-d9qZBZ for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 05:40:04 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE0881A8709 for <tls@ietf.org>; Mon, 20 Oct 2014 05:40:03 -0700 (PDT)
Received: from mail-yh0-f44.google.com (mail-yh0-f44.google.com [209.85.213.44]) by mrelayeu.kundenserver.de (node=mreue103) with ESMTP (Nemesis) id 0MI8Ug-1XhrDS3ktS-003rvC; Mon, 20 Oct 2014 14:40:01 +0200
Received: by mail-yh0-f44.google.com with SMTP id i57so3030308yha.17 for <tls@ietf.org>; Mon, 20 Oct 2014 05:39:59 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.203.114 with SMTP id e78mr39513833yho.47.1413808799662; Mon, 20 Oct 2014 05:39:59 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Mon, 20 Oct 2014 05:39:59 -0700 (PDT)
In-Reply-To: <1413807699.2597.14.camel@dhcp-2-127.brq.redhat.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5438CFEA.7000401@brainhub.org> <543E9435.8000905@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9C9@USMBX1.msg.corp.akamai.com> <543E9C9F.5050104@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9D5@USMBX1.msg.corp.akamai.com> <543E9FFA.5030102@redhat.com> <CADMpkcLnOh3HGD+urWuo6fPfkX4WfGhwckE0jg5jS2KqD2RuMQ@mail.gmail.com> <CABkgnnWuCwOGBXG2RdetwPFn4KtVPygSBWG5qkme1mvNst6n+A@mail.gmail.com> <543F9893.806@redhat.com> <543FA0A0.1030205@polarssl.org> <543FCAED.50502@redhat.com> <543FCC90.7020408@polarssl.org> <1413468247.17221.8.camel@dhcp-2-127.brq.redhat.com> <CADMpkcLf+p5J600gueqzKec4nKuo78Xrr-auW+fyapuqM13Z4w@mail.gmail.com> <1413805668.2597.10.camel@dhcp-2-127.brq.redhat.com> <CADMpkcJZ_rm5U+vKoUdX03Jbotbf4zeJoVU=KB3CSJg=tX05fQ@mail.gmail.com> <1413807699.2597.14.camel@dhcp-2-127.brq.redhat.com>
Date: Mon, 20 Oct 2014 14:39:59 +0200
Message-ID: <CADMpkc+C269mpomY7CWF0UNyRh5V9jdqMq59ZqdJ8Z9CMNiuBQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: multipart/alternative; boundary="089e0158c7c448ca170505da0333"
X-Provags-ID: V02:K0:qh7FZnHIWnIYDwtwdpb3K7TokZuw17zs41s/hd1rufn vT65foF6lnlhE8KtMWqmi/lmsOE2CaMZp4YzUwanUKWGZEFS82 7mI6wFM0Z4F10ZNF4Tp1BbTs7CvnsJQWE6WJz0IR3TVFsSTAit UzYSWTbpYenSntJPmToCOwFARnxujHKjFkOYbo3CXLnJIptGdA 13fW1c4InJvM0SORinjEMq5CqqZ3MQVDmK+nqiw6mK60st+6RT asoq1zwLaUxy2FJJgxA0wCuYCGYTJj0hBZ72LLS8Wzoi6DBqYu KUUqr6O93JdL23/Ah6KaulDMehhMzBs3/p88OIrkrpGrRZy+IM 0T9hyDexNrhwe+pTxuPjxCSAtiraMgPxQLrpZIEk3MSg+gUtz5 iI7Fse5nyDibqOZfMDmSe7lEE7b16WCnGXiVrs8PmfGmqs0mK/ hQoi/
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/r_LG602NjYK6JFcGSLfb1Gbk2aw
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 12:40:05 -0000

Nikos Mavrogiannopoulos <nmav@redhat.com>:

> It certainly makes sense to fix those broken servers. I disagree with
> > fixing them *instead* of deploying TLS_FALLBACK_SCSV; I think that's a
> > false dichotomy. If you are willing to stop fallback retries in the
> > client products that Red Hat distributes right now, great (do you?),
> > but clearly not everyone is willing to take that step at this time.
> > Until it has happened, clients already can benefit from
> > TLS_FALLBACK_SCSV.
>


> I disagree. It is a correct dichotomy :) If the servers are fixed, there
> is no use for the fallback SCSV, as clients would not need to perform
> the insecure fallback.
>

True, but clearly they aren't fixed *now*, and more importantly, various
current clients *do* still find it necessary to use fallback retries to
work with such servers.

I agree that TLS_FALLBACK_SCSV is hypothetically pointless :-)

In reality, though, it does serve a purpose.


As of the argument that clients would be protected from the SCSV, that
> only works if both the clients _and_ the servers are updated to support
> the fallback SCSV. Why is that step necessary, if we can instead fix the
> clients and the servers to properly negotiate TLS?


Using the SCSV already helps if *some* servers have been updated to support
it: connections to these servers, at least, will be more secure. For other
servers, you get what you have now.

Disabling fallback retries provides more encompassing protection, but
before you can take that step, you *first* need to fix the servers (that
is, all servers you'd still want to be able to connect to).

If you want to protect information in practice, it's not sufficient to be
confident to have a solution at some point in the future. It also matters
when you can deploy it. There's nothing that blocks you from deploying
TLS_FALLBACK_SCSV -- the broken servers will be just as broken, but you
don't depend on them getting fixed to be able to protect your connections
to servers that do support TLS_FALLBACK_SCSV.

Bodo

v2.23.0 | Report a Bug | By Email