Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallbac

On Jan 16, 2015 12:14 PM, "Andrei Popov" 
<Andrei(_dot_)Popov(_at_)microsoft(_dot_)com> wrote:

This does not mean that every browser will do it.


True, but if FF is able to stick with this, and roll it out into

production, that's a strong indication that other browsers may be able to
do the same. And, of course, this eliminates the fallback problem at the
root.


One remaining issue, however, is reported high rates of TLS 1.3 version

intolerance.

Why are we insisting on increasing on the wire version numbers for TLS 1.3,
instead of using the extension mechanism, even though we know this will
cause adoption problems?

Sincerely,
Watson Ladd


Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces(_at_)ietf(_dot_)org] On Behalf Of Yuhong Bao
Sent: Friday, January 16, 2015 12:05 PM
To: Hanno Böck; tls(_at_)ietf(_dot_)org
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS

Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol
Downgrade Attacks) to Proposed Standard


This does not mean that every browser will do it.

----------------------------------------
Date: Fri, 16 Jan 2015 21:03:27 +0100
From: hanno(_at_)hboeck(_dot_)de
To: tls(_at_)ietf(_dot_)org
CC: ietf(_at_)ietf(_dot_)org
Subject: Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS

Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol
Downgrade Attacks) to Proposed Standard



Recently Mozilla has disabled the now so-called protocol dance, which

makes adding another workaround (SCSV) pretty much obsolete:

https://bugzilla.mozilla.org/show_bug.cgi?id=1084025#c7

And a few days ago mozilla dev Brian Smith tweetet this:
"Fx experiment to disable non-secure TLS version fallback is going even

better than expected. Starting to feel silly for delaying it so long."

https://twitter.com/BRIAN_____/status/555138042428526593

I think this adds further evidence that adding another workaround layer
(SCSV) is the wrong thing to do. Instead browsers should just stop doing

weird things with protocols that compromise security and drop the protocol
dance completely.


(By the way: Has anyone thought what happens when people implement TLS

hardware that is version intolerant to versions> 1.2 and at the same time
send SCSV in the handshake? I'm pretty sure that at some point some
hardware will appear that does exactly that. Will we need another SCSV
standard for every TLS version then?)


--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno(_at_)hboeck(_dot_)de
GPG: BBB51E42

_______________________________________________
TLS mailing list
TLS(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/tls

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Jeffrey Walton

Next by Date:

RE: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Yuhong Bao

Previous by Thread:

RE: [TLS] Last Call: <draft-ietf-tls-downgrade-scsv-03.txt> (TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks) to Proposed Standard, Andrei Popov

Next by Thread:

Last Call: <draft-pechanec-pkcs11uri-16.txt> (The PKCS#11 URI Scheme) to Proposed Standard: new draft 18, Jan Pechanec

Indexes:

[Date] [Thread] [Top] [All Lists]