Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

"Yngve N. Pettersen" <> Sun, 09 February 2014 16:41 UTC


Sorry about the delay, I did not have the data available until this week,  
due to hardware problems.

On Mon, 27 Jan 2014 12:03:29 +0100, Bodo Moeller <> wrote:

>> 2) The use of this SCSV requires both client and server to be updated to
>> understand the SCSV. The deployment of such a fix is going to take a
>> minimum of 5-10 years (The renego patch, fixing a major security
>> vulnerability, has only recently passed 80%, more than 3 years after it
>> was released). I would prefer a solution that only requires one party,
>> the client, to be updated.
> Your 5-10 year estimate is for wide deployment.  Narrower deployment can
> happen much quicker: once you update your client, you get the expected
> protection for all connections to those servers that have been updated.
>  Even if that's just 1% of *all* servers, that 1% might include those
> servers you care about most.  A percentage of servers isn't a very useful
> metric (and even a percentage of appropriately specified "sessions"
> couldn't do justice to the fact that security will be much more important
> for some of these than for others).

This depends on whether they are on your list of most important sites.

Taking the renego deployment as an example, at present, 4 years after  
publication of RFC 5746, 16.7% of the 526000 servers I sampled yesterday  
are not patched (54.7% vulnerable). In the Alexa top million segment the  
unpatched rate was 17.97% (51% vulnerable), in the top 1% (10K) the  
unpatched rate is 25.7% (44% vulnerable). For reference, a year after the  
publication of RFC 5746 52% of (327K) servers were unpatched, 67.7% of  
Alexa top 10K and 77% of top 100 weren't.

Based on the current patch rate, 7.3% per year, we are looking at at least  
another 2.5 years before all servers are patched. That is 6.5 years after  
release of the RFC, for what can be considered a critical patch.

I doubt this SCSV will be considered a critical patch, so it will most
likely be considered something that is added to the newest versions of
servers, probably versions that are rolled out a year or (more likely) two
years after publication of the RFC, and not backported as patches to older
versions. Adoption rate will probably be more like the phasing out of SSL
v3-only servers (currently 0.88% of servers (0.97% 3 years ago), 1.04% of
Alexa top million, 1.4% of Alexa top 10K, although none in Alexa top
100), which has been going on for 15 years now, and if we just
extrapolate based on the reduction rate and assume client vendors don't  
put any pressure on sites, it will probably take another 30 years to  
complete the phaseout.

Assuming that the Alexa list is a fair representation of which sites are  
important to most users, this does not exactly fill me with confidence  
that the posited 1% SCSV patched sites will include the ones a security  
minded user will consider important.

As for how many servers are intolerant (of SSL v3-only servers in
parentheses) [of Renego patched in square brackets, all servers]:

  Version intolerance TLS 1.0-TLS 1.2 : 0.7% (4.9%)[0.20%]
  Version intolerance TLS 1.3+ : 2.6% (5.4%)[1.18%]
  Extension intolerance TLS 1.0-TLS 1.2: 0.98% (19.7%)[0.29%]
  Extension or version intolerance TLS 1.0-TLS 1.2: 1.07% (19.8%)[0.41%]

  Renego patched SSL v3-only: 42%

For further reference, below is a sample of the top domains that have  
servers that are NOT patched for the renego issue as of yesterday. Keep in  
mind that my sample list includes many servers that are not the main front  
line servers; they may, for example, have patched "www", "login" and other  
frontline servers, but not other servers that the user may encounter in  
their perusal of the site, and which may handle important aspects of their  
transactions.

+ national domains + national domains + national domains

Yngve N. Pettersen
