IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Fri, 10 October 2014 19:52 UTC

Return-Path: <SRS0=LxXc=7B=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E82081ACF55 for <tls@ietfa.amsl.com>; Fri, 10 Oct 2014 12:52:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.714
X-Spam-Level:
X-Spam-Status: No, score=-1.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a4768IqMdsaj for <tls@ietfa.amsl.com>; Fri, 10 Oct 2014 12:52:29 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87F0D1ACF54 for <tls@ietf.org>; Fri, 10 Oct 2014 12:52:29 -0700 (PDT)
Received: from mail-qg0-f42.google.com (mail-qg0-f42.google.com [209.85.192.42]) by mrelayeu.kundenserver.de (node=mreue103) with ESMTP (Nemesis) id 0LkjTw-1YD7S31Ujk-00aSeX; Fri, 10 Oct 2014 21:52:27 +0200
Received: by mail-qg0-f42.google.com with SMTP id z60so4468136qgd.15 for <tls@ietf.org>; Fri, 10 Oct 2014 12:52:25 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.224.97.72 with SMTP id k8mr12091992qan.21.1412970745143; Fri, 10 Oct 2014 12:52:25 -0700 (PDT)
Received: by 10.140.156.5 with HTTP; Fri, 10 Oct 2014 12:52:24 -0700 (PDT)
In-Reply-To: <CAFewVt40ewzwujJZ8KQYYALnPjBSZnF-bDiVaz54URA6MaqPEg@mail.gmail.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <CABkgnnUxeouqDNhYFGDC2xqUaT8r7zFvAT5U1OUGJwHwCOuOwA@mail.gmail.com> <CADMpkcJKJiTCQXdDbepyiAf22J9VC03DDgiE521n3NsNnFmALA@mail.gmail.com> <CABkgnnWo9KGMkRrmA0wkJ5Dfnzh2Vo-cveCe_UeH71F8K_4oWw@mail.gmail.com> <CADMpkcJpHeKGV-xc4Uon8KWj=+p=6nQO1_rxb6sRN04nFX--gQ@mail.gmail.com> <CABkgnnU8DyzRvvq1e24bUsZdwx48mFOC6KstZaUCbvyQ-WwesQ@mail.gmail.com> <CADMpkc+wXf=SG3=C==SV77YXZdbXnbXspJLRZ1UORPF-WbVMEw@mail.gmail.com> <CAFewVt5mEodyqB6TWCmvOUBek9Bnb43bmw5mAqph-hQU=F=EpA@mail.gmail.com> <CAFewVt40ewzwujJZ8KQYYALnPjBSZnF-bDiVaz54URA6MaqPEg@mail.gmail.com>
Date: Fri, 10 Oct 2014 21:52:24 +0200
Message-ID: <CADMpkcKh=6Y9u_utfLiccZTUKT-BV1+3NQO7OzDN-Dn38sx-TQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c3e01857aba2050516e3ef"
X-Provags-ID: V02:K0:otpAipRRdfpYKavu8+5QB6f6kUVyt57prfphTBC0ySq DMHPK9WgKoB88xBwA/1nwPHpj1eaRuv4PoYta0qpM5QGSFy+Jd 7TaQ6n4zfo9PV2fAkYaF/jWcVZ8jBV/ugLEl81gXO+BEyMTvsS f9s/7ONoPJtJzEO2CVCXt0eCF4kVpWRPM6OvYCFA6vZvk6qxa/ 8tChgvMd4hp2kV/H5XPqCFb4Hy7DYQLBFsjCIb5dfRo5j1TKCS as7tDlekJEyMywUr+8+zXcLD6j9vpCBLDBa4MAfq0HnQATasm4 TcZGfKDW+XUtdC++WdKv/WZAX1Trdaccvm1pqX20x5NpmRmnN8 mj+3/HF3zwVh6ueNP+jbuLzzlfpjlaN5XvasTWtKtFMeR/tner +NVWosTvYKlQTYfCAuudnkDzKWJwrxRo+W6Jmfrmqh71YAle5B 0CWMj
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/w9Fhx6P7ljNWrUt0L_sKqMiYyzs
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Oct 2014 19:53:22 -0000

Brian Smith <brian@briansmith.org>:

>       However, as an exception to the above, when the client intends to
> >       perform an abbreviated handshake to resume a previously negotiated
> >       session and sets ClientHello.client_version to the protocol
> >       version negotiated for that session, the client MUST NOT include
> >       TLS_FALLBACK_SCSV in ClientHello.cipher_suites.
> >
> > So, if the client does NOT set ClientHello.client_version to the
> > version negotiated for that session, then the client MAY send the SCSV
> > in the resumption handshake.
>


> Bodo, could you please reword the above to make it clearer?
>

Maybe I should rather change it?

"However, when the client intends to
perform an abbreviated handshake to resume a previously negotiated
session and sets ClientHello.client_version to the protocol
version negotiated for that session, the client MAY omit
TLS_FALLBACK_SCSV from ClientHello.cipher_suites
even if that version is lower than the latest version supported by the
client.

(Given that the protocol version has previously been negotiated
between the client and server, TLS_FALLBACK_SCSV is only
expected to have an effect if the server has since been updated
to support higher versions. Omitting TLS_FALLBACK_SCSV
lets the client continue to use the previously negotiated protocol
version. Sending TLS_FALLBACK_SCSV, in contrast, could lead
to an inappropriate_fallback alert if the client should start anew
to create a new session using the new highest protocol version.)"

Previously I'd assumed you'd want to keep "normal" behavior (simply
continue to use the previous protocol version), but I don't see a
compelling reason for the specification to prescribe that to clients.

Bodo

v2.23.0 | Report a Bug | By Email