IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Tue, 14 October 2014 01:08 UTC

Return-Path: <SRS0=XkVJ=7F=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 863491A1A7A for <tls@ietfa.amsl.com>; Mon, 13 Oct 2014 18:08:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.714
X-Spam-Level:
X-Spam-Status: No, score=-1.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I8AyGQRm5vB5 for <tls@ietfa.amsl.com>; Mon, 13 Oct 2014 18:08:43 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2AFC1A1A73 for <tls@ietf.org>; Mon, 13 Oct 2014 18:08:42 -0700 (PDT)
Received: from mail-yh0-f45.google.com (mail-yh0-f45.google.com [209.85.213.45]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0MT92U-1XlzIj2kmU-00SAF8; Tue, 14 Oct 2014 03:08:35 +0200
Received: by mail-yh0-f45.google.com with SMTP id b6so4081123yha.4 for <tls@ietf.org>; Mon, 13 Oct 2014 18:08:32 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.42.165 with SMTP id j25mr2229907yhb.130.1413248912366; Mon, 13 Oct 2014 18:08:32 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Mon, 13 Oct 2014 18:08:32 -0700 (PDT)
In-Reply-To: <CAFewVt7ag3tUzpEq_wtqzuZi2wOq6CYEBSKKgdajGDnSQYUS5w@mail.gmail.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <CABkgnnUxeouqDNhYFGDC2xqUaT8r7zFvAT5U1OUGJwHwCOuOwA@mail.gmail.com> <CADMpkcJKJiTCQXdDbepyiAf22J9VC03DDgiE521n3NsNnFmALA@mail.gmail.com> <CABkgnnWo9KGMkRrmA0wkJ5Dfnzh2Vo-cveCe_UeH71F8K_4oWw@mail.gmail.com> <CADMpkcJpHeKGV-xc4Uon8KWj=+p=6nQO1_rxb6sRN04nFX--gQ@mail.gmail.com> <CABkgnnU8DyzRvvq1e24bUsZdwx48mFOC6KstZaUCbvyQ-WwesQ@mail.gmail.com> <CADMpkc+wXf=SG3=C==SV77YXZdbXnbXspJLRZ1UORPF-WbVMEw@mail.gmail.com> <CAFewVt5mEodyqB6TWCmvOUBek9Bnb43bmw5mAqph-hQU=F=EpA@mail.gmail.com> <CAFewVt40ewzwujJZ8KQYYALnPjBSZnF-bDiVaz54URA6MaqPEg@mail.gmail.com> <CADMpkcKh=6Y9u_utfLiccZTUKT-BV1+3NQO7OzDN-Dn38sx-TQ@mail.gmail.com> <CAFewVt747+NJZxGohr_1=TqW=Pcu7qp7tz=8qYWP=Zg+vRPsPw@mail.gmail.com> <CADMpkcKE5fLuJngj9V1wCYFa8dcr9Hxw02y8Bk9Pb56cRZYYkQ@mail.gmail.com> <CAFewVt7ag3tUzpEq_wtqzuZi2wOq6CYEBSKKgdajGDnSQYUS5w@mail.gmail.com>
Date: Tue, 14 Oct 2014 03:08:32 +0200
Message-ID: <CADMpkcKN8mSnE41-5a_6w+Vh-83MsoFiC6qFL6-4z-X9fAAGbg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c2009866a632050557a75e"
X-Provags-ID: V02:K0:67XVc2kfy5MnmlFqbEZM590uY7MXS6dtSiisFRw5ISV 30pSBx8qIU+AajsQKhazhQreQySKNKu2Y0SDbjEyrorOC4QR9O ea8wjsR4ReoIILMnsr4X8WnHkMuaTp6xeAXCloJbj+oetOApw3 uFCEPTPYeCwQknBKZuI1jsfnnmwd0Wg++8nSNn967KFF8CKax8 /sZEJ77WBoxMDHa0tr60yM2wcHH540gsSdFr0gzWX1GzpUO7/9 eEqlITKI95dGPY5HhUoCpeDI6f7IZeoVpGwOicQGIXTLNrDOK4 gvjI6Op0qdVaDnvS9bdFAuZvebDwFgr7tl/zVBmjrGC65TzV3W EGvC0efiuQegOPoE29fq8dI2iZgOz7eyLZORV/TRJeAcabH3cH t8IgeRVhY48RlDH8yni7I9piwrdOIyyYHcFgRICGgRA1knv0eR sYGmA
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/rwf3mhTnTpnJhqXcTL1-uCOpHFE
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 01:10:21 -0000

>
> > However, this issue really just follows from the relevant language in the
> > TLS RFCs: "Whenever a client already knows the highest protocol version
> > known to a server (for example, when resuming a session), it SHOULD
> initiate
> > the connection in that native protocol." If the client follows these
> > directions, using the old protocol version even in case the server gets
> > upgraded is expected.
>


> I agree. But, my conclusion is that the TLS specification is wrong,
>

Got it; sorry for being slow.

Here's one way to write that.

"If a client sends a ClientHello.client_version containing a lower value
than the latest (highest-valued) version supported by the client, it SHOULD
include the TLS_FALLBACK_SCSV cipher suite value in
ClientHello.cipher_suites. (...)

Sometimes, a client assuming that it already knows the highest protocol
version supported by a server (such as when resuming a session) may
initiate the connection in that native protocol as per Appendix E.1 of
[RFC5246]. In this situation, as an exception to the above, the client MUST
NOT include TLS_FALLBACK_SCSV in ClientHello.cipher_suites (unless it
downgrades ClientHello.client_version further in additional connection
attempts), since server-side support of protocol versions may have changed
since the previous connection.

(To avoid perpetuating use of an earlier protocol version if the server in
question actually does get updated, such clients SHOULD time out knowledge
of the highest protocol version supported by the server. Also, any such
knowledge MUST be forgotten if the server ever sends an
inappropriate_fallback alert.)"

Bodo

v2.43.4 | Report a Bug | By Email | System Status