Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
Adam Langley <agl@imperialviolet.org> Wed, 25 September 2013 13:11 UTC
On Wed, Sep 25, 2013 at 7:03 AM, Bodo Moeller <bmoeller@acm.org> wrote:
> So maybe the right fix to this kind of problem is to adapt an idea from
> draft-rescorla-tls-version-cs-00 and create a signalling ciphersuite value
> that would *only* be used in SSL 3.0 connections by clients that have
> downgraded, and tells the server "If you can read this, tear down the
> connection because we shouldn't actually be using SSL 3.0 for this
> connection"?

(I think I would want such an SCSV to indicate TLS 1.2 support rather
than TLS 1.0 support, but that's just a detail.)

A possible problem with this approach is that there are both broken
servers and broken networks and I don't have good information about
the latter. (It's obviously much more difficult to detect.) Broken
networks can stop the transit of TLS based on version and that has
been observed, very rarely, in the wild. However, just because we
haven't observed it much doesn't mean that it's not happening, it just
means that we rarely get to observe it.

If it turns out that broken networks are insignificant then we can use
an SCSV to prevent version downgrade. (Using the renegotiation
extension for this would have been nice, but I think we've already
lost that battle.) However, if they are not then we may need to run
modern ciphersuites in older versions.

The first step to figuring this out is that Chrome will stop
downgrading to SSLv3 when talking to Google servers soon. If that
works, and we're able to get to the point where we can remove fallback
completely without breaking networks, then that will answer the
question.

Cheers

AGL

--
Adam Langley agl@imperialviolet.org http://www.imperialviolet.org
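
The server-side check that a downgrade-signalling ciphersuite value implies, as an added example that is not part of the original message or of any implementation discussed in the thread. It generalizes the SSL 3.0 case to "client version below the server's maximum" and assumes the code point and alert number later standardized in RFC 7507 (the thread names neither); the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

# Assumption: code point and alert from RFC 7507; the 2013 thread names no value.
TLS_FALLBACK_SCSV = 0x5600
ALERT_INAPPROPRIATE_FALLBACK = 86

SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303


def parse_client_hello(body: bytes):
    """Return (client_version, [cipher suites]) from a ClientHello body."""
    if len(body) < 35:                 # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    off = 2 + 32                       # skip version and 32-byte random
    off += 1 + body[off]               # skip session_id length and bytes
    if off + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites


def check_fallback(body: bytes, server_max: int):
    """Server decision: ('continue', None) or ('abort', alert_number)."""
    version, suites = parse_client_hello(body)
    # The SCSV says "I retried at a lower version than I support". If the
    # server could have negotiated something higher, the downgrade was not
    # caused by the server, so the connection is torn down.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return "abort", ALERT_INAPPROPRIATE_FALLBACK
    return "continue", None


def build_client_hello(version: int, suites):
    """Constructed sample input: minimal ClientHello body, empty session_id."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
```

The same abort fires when the retry was forced by a version-intolerant network path rather than by an attacker, which is the deployment risk the message raises.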