ietf
[Top] [All Lists]

Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard

2015-01-12 09:06:03
On Sun, 2015-01-11 at 00:48 +0000, Stephen Farrell wrote:
Hi Nikos,
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2015-01-23. Exceptionally, 
comments may be
sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
   This document defines a Signaling Cipher Suite Value (SCSV) that
   prevents protocol downgrade attacks on the Transport Layer Security
   (TLS) protocol.  It updates RFC 2246, RFC 4346, and RFC 5246.
The "TLS Fallback Signaling Cipher Suite" fix cannot be a proposed 
standard. 
The mechanism it fixes (the browser's special downgrade of TLS) is not an 
IETF
protocol, nor related to the TLS WG. Making this a proposed standard, would 
imply that the flawed technique is into standards track. 
I don't believe that that last conclusion follows. AFIAK there is
nothing to prevent the IETF standardising a fix for someone else's
or even our own past mistakes(*) even when those mistakes are not
on the standards track. And if in fact stardardising the "fix"
improves the Internet, then we should do that as the set of folks
responsible for this technology. (If doing so has IETF consensus.)

It's not up to me to say whether there was consensus for this draft or
not. I voiced my opinion against that draft. However, if you think that
this has to be on standards track, please provide at least some
argumentation for it. 

As far as I understand, this fix exists because Microsoft, Google and
Mozilla cannot coordinate and drop their insecure negotiation of TLS.

regards,
Nikos


<Prev in Thread] Current Thread [Next in Thread>