ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation

2010-02-01 10:13:58
from [Steve Checkoway] [Permanent Link] 

On Jan 29, 2010, at 3:54 PM, Stefan Santesson wrote:


The key is though that being liberal is only an option when this does not
hurt security, and that is a tricky balance act.


I'm not sure why you say that. Marsh's example of HTML shows interop issues 
that came from being liberal that had nothing to do with security. Allowing 
SCSV + RI doesn't hurt security, but that's not an argument for allowing it.


I totally agree in principle. However, if a renegotiating client sends a
full RI extension with valid data AND the client also sends SCSV, then what
security problem is introduced by allowing the renegotiation (i.e. Not
aborting)


None.


Hence, the "MUST abort" requirement seems like an unmotivated restriction.
I'm not saying that we have to change the current draft, I'm just curious to
understand the real benefits of this requirement.


I'm not convinced that there is a real benefit one way or the other. People 
have been disagreeing about which is better, but none of the arguments on 
either side have been very convincing.





So This "MUST NOT" requirement will likely be
ignored by some implementations.


They should expect the market to hold them accountable if problems result.

The implementers on this list have indicated they could produce
interoperable implementations of this spec. And they appear to have
proven it by demonstrating implementations which actually interoperate.



Again, based on what I have seen, I would not be surprised.
I don't think being accountable to the market is a very strong threat if a
safe adjustment to a more liberal processing helps customers to avoid
interop problems while maintaining the security of the protocol.


It seems rather unlikely that disallowing SCSV + RI is going to cause interop 
problems. An implementor who hasn't bothered to read the 1700+ emails about 
this is going to determine pretty quickly that SCSV + RI is not in spec during 
normal testing if the MUST NOT was overlooked in the spec.

Given that there are no security concerns and the interop concerns seem pretty 
minor at best, it makes sense to me to publish and get the fix out sooner 
rather than spending another month arguing about something, that in the end, 
doesn't change the security guarantees of TLS.

-- 
Steve Checkoway




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Marsh Ray
Next by Date:  Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Martin Rex
Previous by Thread:  Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Martin Rex
Next by Thread:  Gen-ART LC/TC Review of draft-ietf-ccamp-pc-spc-rsvpte-ext-06, Ben Campbell
Indexes:  [Date] [Thread] [Top] [All Lists]