Re: [TLS] TLS 1.2 Long-term Support Profile draft posted

Eric Rescorla <ekr@rtfm.com> Sun, 20 March 2016 17:02 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1620912D590 for <tls@ietfa.amsl.com>; Sun, 20 Mar 2016 10:02:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgHVjkqjmdDV for <tls@ietfa.amsl.com>; Sun, 20 Mar 2016 10:02:23 -0700 (PDT)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E168D12D508 for <tls@ietf.org>; Sun, 20 Mar 2016 10:02:22 -0700 (PDT)
Received: by mail-yw0-x233.google.com with SMTP id g3so192564658ywa.3 for <tls@ietf.org>; Sun, 20 Mar 2016 10:02:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=PTM8mkdumBEav+OOIR53c3nbXPKKP3m0qleOnirSlug=; b=hk+Ymd9uAsgetFZPVu0UVCOd7fdozAQDimsuefiCmw3e6/Z8ywcsvrd0wfTI8sJ3cx qyJTXbpQpMwWNH3tXzL6YwHSNBgSsROFiR2GoSNTwBSyF9kEAl38QOJ3EvkPa4Y+dR/t 7ir9Wyj0oKvdk91B9zIWUrxUgEEJx3FqlGSNCiGf69znriHSAySX93pFWWcBD+Ow2wSb oi/Xkop8vXoLi8DEcRhYU8vINwO00F2jNi4j4rNGj4aUoLwbofOAHOLYqpcQB7zJeuIk 6FaacH4GKFPe/cOlMgactlYKgx3Hta++L1UNnkR/+7lACp2YXMpwnMLdwDpghIWAmrTx MzTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=PTM8mkdumBEav+OOIR53c3nbXPKKP3m0qleOnirSlug=; b=Gn6xSP+MttIStNDMbJKKTy80pHDfNXJbbPxtrpQ0WNeO18nqyqhMy1Cx2c20YsnVMk 8rgmxT06JmRYCfaxSLnTYWipm0RRpCzgluAqeu0QhclRMpBSA95OMsV9KarDmc0md29S /t2Z1PtEx68KFSD/RmhyG510FvmwAwDPBvXoAurZG2/5WawhH0Z3RHQhsFm9fQlzI3Ym 1vmwH6TJbqoqAD+bc3F1mPfaXhzW6fpB0XbXzFn3GvWc9Gb63/n08mdmdnKRxiA0UpzJ fklCbZSNP5QL/+1U0E/7PussXAZLx3XQ6dOX2K09m2j3ng1f/tB9JQVaa+/61G4aj+/+ xDJQ==
X-Gm-Message-State: AD7BkJJW+2JQz9nBqrddjwxkCvsStbCDQjfH2BYoagwnfddsAIVVhT0+Id11MFt1juWmHcU2EKsZK5VaQiJLTg==
X-Received: by 10.37.231.146 with SMTP id e140mr10368389ybh.57.1458493341979; Sun, 20 Mar 2016 10:02:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Sun, 20 Mar 2016 10:01:42 -0700 (PDT)
In-Reply-To: <20160320110945.GA30544@LK-Perkele-V2.elisa-laajakaista.fi>
References: <9A043F3CF02CD34C8E74AC1594475C73F4C2374E@uxcn10-tdc05.UoA.auckland.ac.nz> <201603191930.35445.davemgarrett@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4C27783@uxcn10-tdc05.UoA.auckland.ac.nz> <20160320110945.GA30544@LK-Perkele-V2.elisa-laajakaista.fi>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 20 Mar 2016 10:01:42 -0700
Message-ID: <CABcZeBMWQ40Vy79S7zQH1PLrQjrCUmie839bLRmJ_HNNiPHu1w@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary=94eb2c0b12e88ec3db052e7df1a6
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zIP6ce63jedZPL2Jyr-zYI8JVbk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Mar 2016 17:02:24 -0000

On Sun, Mar 20, 2016 at 4:09 AM, Ilari Liusvaara <ilariliusvaara@welho.com>;
wrote:
>
> [1] TLS 1.3 doesn't completely fix this: Even if TLS 1.3 itself has
> negotiated DHE parameter sizes, there is nothing preventing down-
> negotiation to TLS 1.2, followed by server dumping some bad para-
> meter sizes (forcing client to either break connection or being vuln-
> erable to downgrade attacks).
>

The ServerRandom anti-downgrade mechanism should prevent this downgrade
from 1.3 to 1.2 even in this setting.

-Ekr