Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard

Jeffrey Walton <noloader@gmail.com> Thu, 22 January 2015 10:30 UTC

In-Reply-To: <1421919642.2723.63.camel@redhat.com>
References: <40128f312378442fbd26459bf5d7593b@usma1ex-dag1mb2.msg.corp.akamai.com> <20150119192701.190C71B0FF@ld9781.wdf.sap.corp> <CAFewVt6LRafnJN_L=xVeiAxNcpSB+8vPYzquPfjXsduudyj+QQ@mail.gmail.com> <BAY180-W688DE2930CB7F231E60989FF480@phx.gbl> <04690E05-4905-4941-A60D-7BC5CDC93431@gmail.com> <BAY180-W1849690A1D8C42F1063DDBFF480@phx.gbl> <39B8BC24-D539-456F-970B-B11665B0E892@gmail.com> <54C0B783.2060604@metaparadigm.com> <1421919642.2723.63.camel@redhat.com>
Date: Thu, 22 Jan 2015 05:30:12 -0500
Message-ID: <CAH8yC8=GCDN4maytqHDFjAcc9AHYmpNv--EMLzw9Noyq7AAqAg@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xPA7vIxPb87StfbGfWOwEIhCZp0>

On Thu, Jan 22, 2015 at 4:40 AM, Nikos Mavrogiannopoulos
<nmav@redhat.com> wrote:
> ...
>
> 2. Using it as an indicator of the client's minimum version is wrong as
> this field is not protected by the handshake hashes, so it shouldn't
> affect any of the decisions taken as part of the handshake.
If it's not protected, then it's wrong - period. It lacks semantic
authentication. If it's not going to be protected, then it should not
be used. Since it should not be used, it should be removed altogether.

Wagner and Schneier told us that back in the 1990s.
https://www.schneier.com/paper-ssl.html.
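For readers following the thread, here is the server-side rule that the draft under discussion (draft-ietf-tls-downgrade-scsv, later RFC 7507) specifies, as an added example; it is not code from this message, from the TLS working group, or from any TLS implementation. The SCSV code point (0x5600) and the inappropriate_fallback alert number (86) are the draft's values; the ClientHello representation, the `simulate` driver and the sample cipher suites are constructed stand-ins, not a real TLS parser or state machine.

```python
# Added example: a minimal model of the TLS_FALLBACK_SCSV server check from
# draft-ietf-tls-downgrade-scsv / RFC 7507. The ClientHello is modelled as a
# (client_version, cipher_suites) pair; nothing here parses real TLS records.

TLS_FALLBACK_SCSV = 0x5600      # cipher suite value {0x56, 0x00} defined by the draft
INAPPROPRIATE_FALLBACK = 86     # fatal alert description defined by the draft

# Protocol versions as (major, minor) so they compare in the natural order.
TLS_1_0 = (3, 1)
TLS_1_1 = (3, 2)
TLS_1_2 = (3, 3)
VERSIONS = [TLS_1_0, TLS_1_1, TLS_1_2]


def server_check(client_version, cipher_suites, server_max_version):
    """Return None if the handshake may continue, otherwise the alert the
    server sends. The draft's rule: if the SCSV is present in the cipher
    suite list and client_version is lower than the highest version the
    server supports, the server aborts with inappropriate_fallback."""
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max_version:
        return INAPPROPRIATE_FALLBACK
    return None


def client_hellos(max_version, min_version):
    """Constructed model of a fallback-retrying client: the first attempt is
    at its highest version without the SCSV; each retry is one version lower
    and carries the SCSV, as the draft requires of fallback connections."""
    order = [v for v in reversed(VERSIONS) if min_version <= v <= max_version]
    hellos = []
    for i, version in enumerate(order):
        suites = [0x002F, 0x0035]   # constructed sample: AES128-SHA, AES256-SHA
        if i > 0:
            suites.append(TLS_FALLBACK_SCSV)
        hellos.append((version, suites))
    return hellos


def simulate(server_max_version, first_attempt_fails):
    """Drive the client model against a server supporting up to
    server_max_version. first_attempt_fails models the first connection
    failing for any reason (network fault or interference), which is what
    triggers the client's fallback retry. Returns ('ok', negotiated_version)
    or ('alert', alert_code)."""
    for i, (version, suites) in enumerate(client_hellos(TLS_1_2, TLS_1_0)):
        if i == 0 and first_attempt_fails:
            continue                # client never gets a ServerHello; retries lower
        alert = server_check(version, suites, server_max_version)
        if alert is not None:
            return ("alert", alert)
        # A server normally negotiates the lower of its maximum and client_version.
        return ("ok", min(version, server_max_version))
    return ("alert", INAPPROPRIATE_FALLBACK)


if __name__ == "__main__":
    # A modern server sees a TLS 1.1 retry with the SCSV and refuses it.
    print(simulate(TLS_1_2, first_attempt_fails=True))
    # A server that genuinely only speaks TLS 1.0 accepts the same retry.
    print(simulate(TLS_1_0, first_attempt_fails=True))
```

The two `simulate` calls show the distinction the draft relies on: the same SCSV-carrying retry is rejected by a server whose maximum version is higher than the retry's client_version, but accepted by a legacy server whose maximum version matches it, so genuine fallback to old servers keeps working.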