Re: [TLS] simplistic renego protection

Michael D'Errico <mike-list@pobox.com> Wed, 18 November 2009 16:04 UTC

Eric Rescorla wrote:
> At Tue, 17 Nov 2009 21:43:16 -0800,
> Michael D'Errico wrote:
>>
>> Is there some secret agenda to kill off SSLv3? What is the point
>> of that? 
> 
> Well, I don't think it's a secret that many feel that it would
> be good for people to upgrade from SSLv3 to TLS. TLS includes
> a number of useful security fixes and extended functionality.
> So, it's not clear it's great to go out of our way to preserve
> its use indefinitely.

The alternate method that does not use extensions is fairly complete.
People seem to have a problem with putting the server bit in the
version.  I can understand that, and am open to other ideas.  I've
suggested using a checksum within the server random for this, but
nobody has commented on it.

Thus you cannot say we need to "go out of our way"; the work is
already done, it just needs some polish.

>> SSLv3 accounts for more than one-in-five connections as
>> reported to this list.
> 
> Well, I've seen this claimed, but I haven't seen a citation for where
> the data comes from. I'd be interested in seeing such a cite. The data
> I've seen (and posted) suggests that servers support TLS very widely,
> and certainly every piece of SSL/TLS-based software built on any even
> remotely modern stack includes support for TLS, whatever it chooses to
> negotiate.

Does it really matter what the exact numbers are for SSL vs. TLS?
If there are two proposals, one that supports both SSL and TLS, and
another that only supports TLS, why would you want to choose the
latter?

>>  There is an alternate proposal that does not
>> have this limitation, and is better in many other respects.  Why do
>> you keep pushing this one?
> 
> Because I feel that those other proposals are inferior in many
> other respects? I'm not sure why this is so hard for you to
> understand.

You never give concrete reasons for your dislike of alternate ideas,
just that you don't like them.  That is your opinion and you are
entitled to it, but since you don't give constructive suggestions
for improvement, it is unhelpful.  If you gave suggestions they would
be considered and incorporated into an updated proposal.

Personally I like extensions.  A lot.  But they are not needed for
this, and because they are not widely implemented, forcing them on
the population is ill-considered.

Mike