Re: [TLS] [Technical Errata Reported] RFC5246 (2643)
Michael D'Errico <mike-list@pobox.com> Mon, 29 November 2010 03:08 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A58B028C11F for <tls@core3.amsl.com>; Sun, 28 Nov 2010 19:08:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tg97NrGaAFvb for <tls@core3.amsl.com>; Sun, 28 Nov 2010 19:08:03 -0800 (PST)
Received: from sasl.smtp.pobox.com (a-pb-sasl-sd.pobox.com [64.74.157.62]) by core3.amsl.com (Postfix) with ESMTP id C07A428C105 for <tls@ietf.org>; Sun, 28 Nov 2010 19:08:02 -0800 (PST)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 22A5E37BD; Sun, 28 Nov 2010 22:09:28 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=q+Sf28NZ7Lly dRl9BmpcmYCg0Ig=; b=COGxw4XzCGyBUyyccknTW4CE/7u9hsiG/9OBT3JWNhkd azaVQmU5zfjrUoE9mDWp3dfnxg8VnyASyUU8v0ljJkav80Sm7KyOPklOpFoTVa7M 52RQmC/7LOtfFV/bAAsx3DU+F3WfeAfrqOIUbjcL3v9hXQ0eNKiIky8XJpeuhGg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=i6g3uv bk4Y8mROldz2Xc0pYmaM1NpBFvAi16yVfkyommUDt+C4qrWMtt0RLi4IlVj2zydF U8JOyJ57uhSUrEjHelPcuooesKgGrX+5iRWMPd7T1RTIQDotzVs9yexIBGf3lPVC ty08t4QNoc38U5cBBkrM1YdUCM/zYrgWFHOP0=
Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id A579D37BA; Sun, 28 Nov 2010 22:09:20 -0500 (EST)
Received: from iMac.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 788CC37B9; Sun, 28 Nov 2010 22:09:11 -0500 (EST)
Message-ID: <4CF31944.90800@pobox.com>
Date: Sun, 28 Nov 2010 19:08:52 -0800
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: RFC Errata System <rfc-editor@rfc-editor.org>
References: <20101123052057.CA4EBE06F1@rfc-editor.org>
In-Reply-To: <20101123052057.CA4EBE06F1@rfc-editor.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: 0F4DB4BA-FB66-11DF-9E95-DF8536391E49-38729857!a-pb-sasl-sd.pobox.com
Cc: tim.polk@nist.gov, tls@ietf.org
Subject: Re: [TLS] [Technical Errata Reported] RFC5246 (2643)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2010 03:08:04 -0000
Does it make sense to clarify how SSL 2.0 should be supported while we're
simultaneously saying SSL 2.0 MUST NOT be negotiated?
Mike
Prohibiting SSL Version 2.0
draft-turner-ssl-must-not-02.txt
Abstract
This document requires that when TLS clients and servers establish
connections that they never negotiate the use of Secure Sockets Layer
(SSL) version 2.0. This document updates the backward compatibility
sections found in the Transport Security Layer (TLS) Protocol, RFC
5246.
RFC Errata System wrote:
> The following errata report has been submitted for RFC5246,
> "The Transport Layer Security (TLS) Protocol Version 1.2".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=5246&eid=2643
>
> --------------------------------------
> Type: Technical
> Reported by: Matt McCutchen <matt@mattmccutchen.net>
>
> Section: E.3
>
> Original Text
> -------------
> When a TLS-capable server negotiates SSL 2.0 it SHOULD, after
> decrypting the ENCRYPTED-KEY-DATA field, check that these 8 padding
> bytes are 0x03. If they are not, the server SHOULD generate a random
> value for SECRET-KEY-DATA, and continue the handshake (which will
> eventually fail since the keys will not match).
>
> Corrected Text
> --------------
> When a TLS-capable server negotiates SSL 2.0 it SHOULD, after
> decrypting the ENCRYPTED-KEY-DATA field, check that these 8 padding
> bytes are not all 0x03. If they are, the server SHOULD generate a random
> value for SECRET-KEY-DATA, and continue the handshake (which will
> eventually fail since the keys will not match).
>
> Notes
> -----
> The condition is the wrong way around. When the bytes *are* all 0x03, that means the client supports TLS, so there must have been a version rollback attack in order for SSL 2.0 to be negotiated. For example, see the NSS implementation (line number may rot):
>
> https://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/sslcon.c#1695
>
> Instructions:
> -------------
> This errata is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party (IESG)
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC5246 (draft-ietf-tls-rfc4346-bis-10)
> --------------------------------------
> Title : The Transport Layer Security (TLS) Protocol Version 1.2
> Publication Date : August 2008
> Author(s) : T. Dierks, E. Rescorla
> Category : PROPOSED STANDARD
> Source : Transport Layer Security
> Area : Security
> Stream : IETF
> Verifying Party : IESG
- [TLS] [Technical Errata Reported] RFC5246 (2643) RFC Errata System
- Re: [TLS] [Technical Errata Reported] RFC5246 (26… Michael D'Errico
- Re: [TLS] [Technical Errata Reported] RFC5246 (26… Marsh Ray