Re: [TLS] Downgrade SCSV info
Bodo Moeller <bmoeller@acm.org> Tue, 11 November 2014 22:10 UTC
Return-Path: <bmoeller@acm.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF041AD3CE for <tls@ietfa.amsl.com>; Tue, 11 Nov 2014 14:10:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.262
X-Spam-Level:
X-Spam-Status: No, score=-0.262 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kCDYc3Gyp5j4 for <tls@ietfa.amsl.com>; Tue, 11 Nov 2014 14:10:28 -0800 (PST)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5DD31AD3B6 for <tls@ietf.org>; Tue, 11 Nov 2014 14:10:25 -0800 (PST)
Received: from mail-ob0-f171.google.com (mail-ob0-f171.google.com [209.85.214.171]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0Lyh7L-1Y2KQi0g9X-0164p1; Tue, 11 Nov 2014 23:10:23 +0100
Received: by mail-ob0-f171.google.com with SMTP id wp18so8226037obc.30 for <tls@ietf.org>; Tue, 11 Nov 2014 14:10:21 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.182.142.10 with SMTP id rs10mr34920915obb.36.1415743821829; Tue, 11 Nov 2014 14:10:21 -0800 (PST)
Received: by 10.60.32.42 with HTTP; Tue, 11 Nov 2014 14:10:21 -0800 (PST)
In-Reply-To: <CABkgnnU=NM0pK1O7KdEa9T4nEo8qE3D2K4JPKSt8ShWU72DrVw@mail.gmail.com>
References: <CABkgnnU=NM0pK1O7KdEa9T4nEo8qE3D2K4JPKSt8ShWU72DrVw@mail.gmail.com>
Date: Tue, 11 Nov 2014 23:10:21 +0100
Message-ID: <CADMpkcKiCAzdOpTuMvW8EXh=7-bS5KrXigZ4Vq_CFJNQGKDekg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c2df3498031605079c8b61"
X-Provags-ID: V02:K0:neduevb1PfBp+TVoT88Iu5vTTmyRh/RhnkEBYoYjzFS u8dJhogxD5ZNADDxxfJ6P2Zk2Ygop/Ipa6aZzyF32FJab6JzG7 moAmDsoakdJyptizVSohF5oU5/XY3GakU6kHXdSnWFfR8Ioyk+ 8Tnb41d4uzKdqlCTNr4BJoSdloFecMKuVaom1AzNULvCGPuKqP TAf6qUa5smXyzhTI6jtKMW8e6ivYBi3FxbOQ5jLRlDgEJFophT xtHWZ2ccC418SqiufS99+WXyTW7VVZAVwCfrbLViP8gS259xBY YBtM6wO3wDZXrtgC8qcZG2rOYZymJGVGmpf7O5GPk/X920ErZ7 meB0vsOi8CoS91ASME/8ww/464RgL9dyNW17pdXLJ4lj5eQisc 1Y0HgisoxBIqehQ2Wlock+0HwMfSk9NVm7/HySGlBZWTe2sqgb hkP2z
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/uX0TT-1hgUPXcjSsZymvJ3Zhd18
Subject: Re: [TLS] Downgrade SCSV info
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Nov 2014 22:10:29 -0000
Martin Thomson <martin.thomson@gmail.com>: > I realize that this new information is late, but this is my > understanding of how Internet Explorer implements version fallback. > Rob, please correct me if I'm wrong. > > TLS 1.2 (no RC4) > TLS 1.0 (no RC4) > TLS 1.0 (with RC4) > TLS 1.0 with TLS_FALLBACK_SCSV? It is my opinion that this is not that large a risk. We are highly > likely - in my opinion, and based on the numbers we have - to have few > TLS 1.1 servers that are both intolerant to the TLS 1.2 handshake AND > implement the downgrade SCSV. Right, although it couldn't hurt for the client to try TLS 1.1 next in case it sees an inappropriate_fallback alert. (Then in the end you have essentially the same outcome as if trying the protocols in decreasing order, in the presence of an active attacker forcing you to downgrade.) Bodo
- [TLS] Downgrade SCSV info Martin Thomson
- Re: [TLS] Downgrade SCSV info Bodo Moeller
- Re: [TLS] Downgrade SCSV info Martin Thomson
- Re: [TLS] Downgrade SCSV info Bodo Moeller
- Re: [TLS] Downgrade SCSV info Rob Trace
- Re: [TLS] Downgrade SCSV info Bodo Moeller