Re: [TLS] draft-rescorla-tls-renegotiate.txt

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] draft-rescorla-tls-renegotiate.txt
From: Marsh Ray <marsh at extendedsubset.com>
Date: Fri, 06 Nov 2009 17:41:23 -0600
Delivered-to: tls at core3.amsl.com
In-reply-to: <4AF4A091.3070609 at pobox.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=1E36DBF2
References: <200911061959.nA6JxnnB001831 at fs4113.wdf.sap.corp> <4AF497C5.5060801 at REDHAT.COM> <4AF4A091.3070609 at pobox.com>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Michael D'Errico wrote:
> 
> A server can still negotiate an SSLv3 connection as it does today.
> It just can't re-negotiate that connection later.

But on the server question:

There is a large, but unknown, group of sites that really depend on
being able to serve different requirements for client certs from the
same IP.

For example, one development tool widely used in the industry is MS
Visual Studio 2005. It provides a nice IDE for developing web apps
(among other things). It has wizards all over the place. One will
generate a "web service" project, another will make an installer for it.
This WS architecture frequently uses client cert authentication and IIS
provides features to map client certs to OS user accounts. There are
other client auth schemes in use, too, pretty much anything supported by
HTTP. Server certs are expensive (or require approval to obtain) so I
suspect it's very common to serve web service projects requiring client
cert auth from the same hostname and IP as a web site that does not.

Just making an argument for how important per-request renegotiation is
in some deployments.

My guess is that any patch introducing an (SSLv3 xor renegotiation)
requirement is likely to cause a bit of headache. Consider the
possibility that a developer has an app that he tests and works fine on
his machine. But once he installs his app on the production server, all
the sudden some mysterious subset of clients (those using SSLv3) will
stop being able to connect to some different service which shares the
same IP address. Trial-and-error troubleshooting causes puts the blame
on the developer.

We should consider the possibility that it could introduce more (and
more confusing) incompatibilities than just deprecating SSLv3 outright.

> This is true for
> all TLS versions as well; you can still allow unpatched clients to
> connect, just not renegotiate.

I strongly suspect it also applies to many SSLv3 clients.

- Marsh

Follow-Ups:
- [TLS] Simple way to drop re-negotiation in HTTP (Re: draft-rescorla-tls-renegotiate.txt)
  - From: Nicolas Williams

References:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Robert Relyea
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Michael D'Errico

Prev by Date: [TLS] To API or not (Re: TLS renegotiation issue)
Next by Date: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Previous by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Next by thread: [TLS] Simple way to drop re-negotiation in HTTP (Re: draft-rescorla-tls-renegotiate.txt)
Index(es):
- Date
- Thread

Re: [TLS] draft-rescorla-tls-renegotiate.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.