Re: [TLS] TLS renegotiation issue

Michael Gray <mickgray@au1.ibm.com> Fri, 06 November 2009 00:00 UTC

Return-Path: <mickgray@au1.ibm.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D128628C14C for <tls@core3.amsl.com>; Thu, 5 Nov 2009 16:00:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.592
X-Spam-Level:
X-Spam-Status: No, score=-6.592 tagged_above=-999 required=5 tests=[AWL=0.007, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HCsoW5UrFn9s for <tls@core3.amsl.com>; Thu, 5 Nov 2009 16:00:23 -0800 (PST)
Received: from e23smtp01.au.ibm.com (e23smtp01.au.ibm.com [202.81.31.143]) by core3.amsl.com (Postfix) with ESMTP id B5BD03A6932 for <tls@ietf.org>; Thu, 5 Nov 2009 16:00:22 -0800 (PST)
Received: from d23relay04.au.ibm.com (d23relay04.au.ibm.com [202.81.31.246]) by e23smtp01.au.ibm.com (8.14.3/8.13.1) with ESMTP id nA5NxCDh028212 for <tls@ietf.org>; Fri, 6 Nov 2009 10:59:12 +1100
Received: from d23av02.au.ibm.com (d23av02.au.ibm.com [9.190.235.138]) by d23relay04.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id nA5NveTi1642576 for <tls@ietf.org>; Fri, 6 Nov 2009 10:57:41 +1100
Received: from d23av02.au.ibm.com (loopback [127.0.0.1]) by d23av02.au.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id nA600g4I007905 for <tls@ietf.org>; Fri, 6 Nov 2009 11:00:42 +1100
Received: from d23ml003.au.ibm.com (d23ml003.au.ibm.com [9.190.250.22]) by d23av02.au.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id nA600gNB007900; Fri, 6 Nov 2009 11:00:42 +1100
In-Reply-To: <d3aa5d00911051258n4a1501d4o3ffe1743eed0187@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Lotus Notes Release 7.0 HF277 June 21, 2006
Message-ID: <OF932FC8F5.DD33A5E8-ON4A257665.00777725-4A257666.00000910@au1.ibm.com>
From: Michael Gray <mickgray@au1.ibm.com>
Date: Fri, 6 Nov 2009 10:00:23 +1000
X-MIMETrack: Serialize by Router on d23ml003/23/M/IBM(Release 7.0.2FP3HF80 | July 14, 2008) at 06/11/2009 11:07:15
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS renegotiation issue
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 00:00:23 -0000

Eric Rescorla <ekr@rtfm.com>; wrote:

> well, that was really complete, but the link below is even more so!
>
>
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

>
>
> On Thu, Nov 5, 2009 at 12:57 PM, Eric Rescorla <ekr@rtfm.com>; wrote:
> > FWIW, here's my more complete analysis.
> >
> > -Ekr

IMHO The proposed fix looks to be also introducing the concept of
Retrospective Trust into TLS.  This being necessary due to the problem
highlighted in the HTTP protocol in that it will process messages that
arrived prior to authentication etc.  However, IMHO I would guess that once
TLS is perhaps protected, then the attacker will simply attack at some
other level as the HTTP/Web Application is still vulnerable. IMHO these
other attacks might be easier to do and perhaps at the same time harder to
detect.  My view is that implying Retrospective Trust in TLS will lure
application developers into incorrectly thinking they are now (or are
still) safe and continue the IMHO dangerous practice of Retrospective
Trust.  IMHO I would question why allowing the concept of Retrospective
Trust into TLS is not inherently dangerous.

Mick Gray

P.S. - The opinions above are my own, and not necessarily those of my
employer.

> >
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls