IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 20 October 2014 12:21 UTC

Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3C51A86F8 for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 05:21:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F-4Ot_O9fT2k for <tls@ietfa.amsl.com>; Mon, 20 Oct 2014 05:21:42 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7A651A86DD for <tls@ietf.org>; Mon, 20 Oct 2014 05:21:42 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s9KCLfEF004618 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 20 Oct 2014 08:21:41 -0400
Received: from [10.34.2.127] (dhcp-2-127.brq.redhat.com [10.34.2.127]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s9KCLdL9011522 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Mon, 20 Oct 2014 08:21:40 -0400
Message-ID: <1413807699.2597.14.camel@dhcp-2-127.brq.redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Bodo Moeller <bmoeller@acm.org>
Date: Mon, 20 Oct 2014 14:21:39 +0200
In-Reply-To: <CADMpkcJZ_rm5U+vKoUdX03Jbotbf4zeJoVU=KB3CSJg=tX05fQ@mail.gmail.com>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <5438CFEA.7000401@brainhub.org> <543E9435.8000905@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9C9@USMBX1.msg.corp.akamai.com> <543E9C9F.5050104@redhat.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D39ECE9D5@USMBX1.msg.corp.akamai.com> <543E9FFA.5030102@redhat.com> <CADMpkcLnOh3HGD+urWuo6fPfkX4WfGhwckE0jg5jS2KqD2RuMQ@mail.gmail.com> <CABkgnnWuCwOGBXG2RdetwPFn4KtVPygSBWG5qkme1mvNst6n+A@mail.gmail.com> <543F9893.806@redhat.com> <543FA0A0.1030205@polarssl.org> <543FCAED.50502@redhat.com> <543FCC90.7020408@polarssl.org> <1413468247.17221.8.camel@dhcp-2-127.brq.redhat.com> <CADMpkcLf+p5J600gueqzKec4nKuo78Xrr-auW+fyapuqM13Z4w@mail.gmail.com> <1413805668.2597.10.camel@dhcp-2-127.brq.redhat.com> <CADMpkcJZ_rm5U+vKoUdX03Jbotbf4zeJoVU=KB3CSJg=tX05fQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/y71Ulg0WcTa15zfNHRMlqSb8xRM
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Oct 2014 12:21:45 -0000

On Mon, 2014-10-20 at 14:13 +0200, Bodo Moeller wrote:
> Nikos Mavrogiannopoulos <nmav@redhat.com>:
> 
>         Indeed, there is an arguments to keep that mechanism, as there
>         are still
>         some TLS 1.3 intolerant servers. But instead of prolonging the
>         life of
>         such an insecure mechanism wouldn't it make sense to fix those
>         broken
>         servers instead; e.g., by peer pressure by documenting the
>         implementations that are not TLS 1.3-ready in [0]?

> It certainly makes sense to fix those broken servers. I disagree with
> fixing them *instead* of deploying TLS_FALLBACK_SCSV; I think that's a
> false dichotomy. If you are willing to stop fallback retries in the
> client products that Red Hat distributes right now, great (do you?),
> but clearly not everyone is willing to take that step at this time.
> Until it has happened, clients already can benefit from
> TLS_FALLBACK_SCSV.

I disagree. It is a correct dichotomy :) If the servers are fixed, there
is no use for the fallback SCSV, as clients would not need to perform
the insecure fallback.

As of the argument that clients would be protected from the SCSV, that
only works if both the clients _and_ the servers are updated to support
the fallback SCSV. Why is that step necessary, if we can instead fix the
clients and the servers to properly negotiate TLS?

regards,
Nikos

v2.23.0 | Report a Bug | By Email