IETF Logo Mail Archive

Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item

Marsh Ray <marsh@extendedsubset.com> Wed, 15 September 2010 06:57 UTC

Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3418D3A6AB8 for <tls@core3.amsl.com>; Tue, 14 Sep 2010 23:57:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.582
X-Spam-Level:
X-Spam-Status: No, score=-0.582 tagged_above=-999 required=5 tests=[AWL=-1.082, BAYES_20=-0.74, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gx9zxBmVVNv3 for <tls@core3.amsl.com>; Tue, 14 Sep 2010 23:57:23 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 681D63A69A0 for <tls@ietf.org>; Tue, 14 Sep 2010 23:57:23 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1OvlwC-000KX6-Rc for tls@ietf.org; Wed, 15 Sep 2010 06:57:48 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id D464B6494 for <tls@ietf.org>; Wed, 15 Sep 2010 06:57:47 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1+nssiKhM3PiXguc6kBmpFhiReEabOOT50=
Message-ID: <4C906E6B.4030706@extendedsubset.com>
Date: Wed, 15 Sep 2010 01:57:47 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100826 Thunderbird/3.0.7
MIME-Version: 1.0
To: tls@ietf.org
References: <E1Ovj4f-0007mZ-4a@wintermute02.cs.auckland.ac.nz>
In-Reply-To: <E1Ovj4f-0007mZ-4a@wintermute02.cs.auckland.ac.nz>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Accept draft-turner-ssl-must-not-02 as WG item
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Sep 2010 06:57:29 -0000

On 09/14/2010 10:54 PM, Peter Gutmann wrote:
> Martin Rex<mrex@sap.com>  writes:
>
>> Personally I can not think of a reason to move away from what rfc-5246
>> appendix E.2 says.
>
> [...] Without a clear MUST
> NOT for the server to finally get clients to switch off SSLv2 hellos, we're
> never going to get rid of these things.

I 100% agree on the goal of getting everyone exchanging the modern, 
extension-compatible Hellos. I also think that the "tough love" approach 
is sometimes needed to move these things forward, particularly where 
they diminish security.

I'm thinking though that this document is kind of an unusual case.

For example, if you're not compliant with RFC 791 (Internet Protocol), 
you can't exchange packets over the internet. If you don't implement RFC 
793 (Transmission Control Protocol), you can't talk with most network 
services. Likewise, if you don't implement most of RFC 2246 (TLS 1.0) 
and some related standards, you won't be doing any shopping online.

But if draft-turner-ssl-must-not-02 becomes RFC NNNN, that means...

If you don't implement RFC NNNN, then you _can_ successfully continue to 
interoperate with some set of servers? With no inherent sacrifice of 
performance or security?

Conversely, if you _do_ implement this future RFC NNNN, you must now 
cease interoperating with previously legitimate requests.

So what is the expected consequence to a vendor for _not_ implementing 
this possible future RFC? It's not something that the vendor misses out 
on, like the big party going on over in TCP port 443. Certainly no 
prospective customer is going to push them for support of RFC NNNN.

Why would any vendor implement this spec unless they were planning to 
follow its recommendations for their own set of reasons anyway?

We've all vented to our co-workers (and spouses) at one time or another: 
"that goshdarn vendor will just never add support for RFC such-and-such 
even though it was standardized years ago, if only they took standards 
compliance more seriously!" Could it be that publishing a set of SHOULDs 
and MUSTs that are likely to be summarily disregarded has the potential 
to, um, erode the authority of the standards process a little bit?

It's not like implementers had jumped to add support for all the 
optional extensions when they were first defined. Today only a tiny 
fraction of TCP port 443 servers implement TLS 1.1 or 1.2 (827 and 11 
out of 607,249 respectively 
http://blog.ivanristic.com/Qualys_SSL_Labs-State_of_SSL_2010-v1.6.pdf).

It's been said that the only way we will move old protocols forward is 
to find some killer security hole in the old version. It also seems to 
be ever more frequently repeated that "SSL is irreparably broken". But 
I'm not so cynical. (Sorry, it doesn't happen often. :-) Perhaps folks 
could be enthusiastic again about upgrading if they expected it to bring 
new and improved functionality which even served their short term 
self-interest a little. You know, like the old times.

I could see that it might be helpful to give an engineer some official 
support for removing some attack surface that nobody's really using 
anyway. In this case, could that need be equally served by an 
informational RFC?

- Marsh

v2.23.0 | Report a Bug | By Email