IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00

Bodo Moeller <bmoeller@acm.org> Wed, 15 October 2014 13:00 UTC

Return-Path: <SRS0=qaHA=7G=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A63A91A1B7B for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 06:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.261
X-Spam-Level: ***
X-Spam-Status: No, score=3.261 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MANGLED_BACK=2.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FxU3Ux1GfTbj for <tls@ietfa.amsl.com>; Wed, 15 Oct 2014 06:00:05 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F4F51A1B23 for <tls@ietf.org>; Wed, 15 Oct 2014 06:00:05 -0700 (PDT)
Received: from mail-yh0-f48.google.com (mail-yh0-f48.google.com [209.85.213.48]) by mrelayeu.kundenserver.de (node=mreue005) with ESMTP (Nemesis) id 0MFOmu-1XQ4JS3NWm-00ENBc; Wed, 15 Oct 2014 15:00:03 +0200
Received: by mail-yh0-f48.google.com with SMTP id v1so535432yhn.35 for <tls@ietf.org>; Wed, 15 Oct 2014 05:59:59 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.203.130 with SMTP id f2mr13833753yho.91.1413377999494; Wed, 15 Oct 2014 05:59:59 -0700 (PDT)
Received: by 10.170.194.15 with HTTP; Wed, 15 Oct 2014 05:59:59 -0700 (PDT)
In-Reply-To: <20141015140158.41a1faf8@pc.my-domain>
References: <2112FCAD-4820-49D9-9871-6501C83A554D@cisco.com> <543E2D81.1050700@redhat.com> <7F8CB03B-6882-41E7-9705-7126A8F2F44D@gmail.com> <CADMpkcJLrQEtiUGi9B7ZS5402cXTBvvThL9-YwUUhncaXQaVsA@mail.gmail.com> <20141015140158.41a1faf8@pc.my-domain>
Date: Wed, 15 Oct 2014 14:59:59 +0200
Message-ID: <CADMpkc+P-yRDndj0JK_8tctCHHoL26uBsyX5XRaZa-GPR_aZJQ@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c2b57497e969050575b5fd"
X-Provags-ID: V02:K0:NkwhLpGcIltCNLEXd8tXncdhcdha0DdC22rGSs7B5Uq Nmn6URwm1Jia+3BVuQrpSHAYidz/Q/fhye7SLFQ6jehySQ3ziM gXz1Db/a73bKllYjkJ+jY9VP995hLPC1duFa2zqoYfiKokc1V0 GXxBH7tSqIwMZflZTX2i999PHXPqXVK1YMczmxC+3iHFhe0wm8 UBfkNkoJJeI2sxTH17Dce9fK3ET0zN0QflUMkwwjQR/ELD9+bF 4IgAID1RDeazhgR4sKHgpJehha/ykIS2wrFXyN/v4ameIxV3B1 m9Yg231U33LYPRRcCIJQtqwZUJBGR3ftOe065mtfaWnfpuvDTt KimUqapSOTdpLjVxdb91o/Z6WamN97uOA9BzM7L2r9VZiTPTvw Qeu2E19xtHIri+3AgSLh3XqGM7PwV9ri/wmL4qUPsm13KNYQsE yQSCT
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/yKSBqegcBdIO1bfJldc9RuSQRo4
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-downgrade-scsv-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 13:00:07 -0000

Hanno Böck <hanno@hboeck.de>:

Can you quantify that tradeoff? How many devices are there really out
> there that would break? I'd like to have this discussions with
> hard numbers.
>

Finding hard numbers is, well, hard. In general, you find out the whole
picture about what you've broken only after you've broken it.

That doesn't mean that people aren't trying to get good estimates (Ivan
Ristic has done some data collection -- I've include some of his results in
slide 2 of http://www.ietf.org/proceedings/90/slides/slides-90-tls-0.pdf).
However, this doesn't cover other use cases such as an old printer on your
LAN with an SSL 3.0 admin interface.


One solution (keeping downgrade-workarounds and add SCSV):
>
[...]

> Other solution (remove downgrade-workarounds):
>
[...]

> I think the argument is clearly in favor of the latter solution unless
> you have some very good counterarguments.
>

I don't agree with the premise of your reasoning, because these two
approaches are in fact not mutually exclusive. Yes, we should get rid of
downgrade workarounds (browser vendors have been struggling with this for
years). At the same time, the SCSV offers us a general and simple way to
avoid security vulnerabilities when we fail to achieve perfection in that
area.

Less importantly, you've also not considered the complete incentive (or
disincentive, aka "punishment") structure. Disabling the downgrade dance in
one browser could drive that browser's users to a different browser that
"just works" (because it still willingly downgrades itself), which wouldn't
help anyone. In any case, the downgrade dance always punishes broken sites
with bad latency.

Bodo

v2.23.0 | Report a Bug | By Email