Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego

Nelson B Bolyard <nelson@bolyard.me> Sun, 15 November 2009 21:45 UTC

Return-Path: <nelson@bolyard.me>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1980A3A68D0 for <tls@core3.amsl.com>; Sun, 15 Nov 2009 13:45:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.071
X-Spam-Level:
X-Spam-Status: No, score=-1.071 tagged_above=-999 required=5 tests=[AWL=0.236, BAYES_00=-2.599, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j2IJotHB8T3w for <tls@core3.amsl.com>; Sun, 15 Nov 2009 13:45:10 -0800 (PST)
Received: from smtpauth23.prod.mesa1.secureserver.net (smtpauth23.prod.mesa1.secureserver.net [64.202.165.47]) by core3.amsl.com (Postfix) with SMTP id 637AD3A67BE for <tls@ietf.org>; Sun, 15 Nov 2009 13:45:10 -0800 (PST)
Received: (qmail 22486 invoked from network); 15 Nov 2009 21:45:09 -0000
Received: from unknown (24.5.142.42) by smtpauth23.prod.mesa1.secureserver.net (64.202.165.47) with ESMTP; 15 Nov 2009 21:45:09 -0000
Message-ID: <4B0076DD.9000907@bolyard.me>
Date: Sun, 15 Nov 2009 13:47:09 -0800
From: Nelson B Bolyard <nelson@bolyard.me>
Organization: Network Security Services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre
MIME-Version: 1.0
CC: "tls@ietf.org" <tls@ietf.org>
References: <200911092035.nA9KZviE026489@fs4113.wdf.sap.corp> <4AF8EF8F.3090100@jacaranda.org> <4AF8F7B4.7020101@pobox.com> <4AF8FDBD.4080003@jacaranda.org> <4AF9070E.4050305@jacaranda.org> <4AF99E04.3060604@pobox.com> <20091112055910.58D2369EF16@kilo.networkresonance.com> <4AFC46D8.9050905@pobox.com> <20091113060004.55DC569F31E@kilo.networkresonance.com>, <4AFD850C.7010704@pobox.com> <006FEB08D9C6444AB014105C9AEB133FB36A4EC024@il-ex01.ad.checkpoint.com>
In-Reply-To: <006FEB08D9C6444AB014105C9AEB133FB36A4EC024@il-ex01.ad.checkpoint.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] assert TLSext in renego-ServerHello instead of disable renego
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2009 21:45:11 -0000

On 2009-11-13 13:37 PDT, Yoav Nir wrote:
> Actually, there have been messages suggesting that clients sending this 
> (or any other) extension, may have their session terminated, especially 
> if using SSLv3 and even with some TLS 1.0 servers.

That is true.  There definitely is some small fraction of SSL/TLS servers
out there that will not complete a handshake if the client hello has any
extensions whatsoever.

> If that is true for even a small minority of servers (say, 1%) we can't
> realistically expect browser vendors to add this, except buried deeply in
> some advanced menu.

By that logic, you might assume that browsers would not use extensions at
all today, "except buried deeply in some advanced menu", but that is not
the case at all.  Browsers DO use extensions when attempting to negotiate
TLS today, but not when attempting to negotiate SSL 3.0 (only).  Some
browsers have a "fall back" strategy that lets them try SSL 3.0 after a
TLS handshake attempt fails.  Whether that strategy will remain viable
going forward remains to be seen.  But don't expect use of TLS hello
extensions to stop because of it.

> I wish we had some hard data on this, but if this is true, we may need
> to find other ways for the client to signal support, or to signal 
> re-negotiation.

There is no objection among browsers to using this extension.

/Nelson Bolyard
Developer of TLS library used by Firefox