[TLS] Justification for "Ugly Dirty Hack"

To: tls at ietf.org
Subject: [TLS] Justification for "Ugly Dirty Hack"
From: Michael D'Errico <mike-list at pobox.com>
Date: Thu, 19 Nov 2009 09:08:26 -0800
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=iDd6lCLaNj/4 RPK9TCDpJf8dPTI=; b=Fbt9s5psDUKSXBqo8EM86F+vZE3aJB6oHLufHHt7mpHW NvzgJBP/8JKFemTj/JvvWV0ZsxC5eE6XgZwL8GhkiYFDn237MjVJM3Ec8yIjMd9b lL64mZOTZ1jaUBCmOBYTY0MJlhUArBsokMaeAZXRj4xOIp1lnRvMUz2oSCV/ajw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=ZvjK0L l7p11ZHlTNWWhIuFKyXmZNjhPZ/9vY9aRxzPQoG+QVXUE7b0l3t1pw0dehxhbict B6W3nDajY3feAifhqCUrWAyUEa6Yc5CMamE5Q5Iy0yVbq7nU0aMwzFi92mdB+w1l TVgllKqmgks7/AK4mLMgwMjl4iaUnbotF5rEs=
In-reply-to: <4B04F92A.8050903 at extendedsubset.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <C72AB6FD.670D%stefan at aaa-sec.com> <4B04F92A.8050903 at extendedsubset.com>
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Marsh Ray wrote:

Stefan Santesson wrote:

What I don't understand is the rationale for providing two solutions, when
one solution could work for all cases.


TLS can support a nice, clean, efficient solution going forward.

SSLv3 needs an ugly dirty hack, no way around it.


This appears to be the opposition to a solution that does not use
extensions.  That it is an "ugly dirty hack."  Here is how I think
about it:

We are in fact creating new versions of the protocol.  But not in
the sense that the existing version numbering scheme requires, i.e.
a strict linear progression from one version to the next.

We currently have 4 versions: SSLv3, TLS1.0, TLS1.1, TLS1.2.

We are in a sense creating 4 new parallel versions: SSLv3p, TLS1.0p,
TLS1.1p, and TLS1.2p (p meaning patched).

These four new versions sort of interleave into the list we already
have, thus we can't do what would normally be done to select which
version the client wants.  The extension-less approach Martin is
writing up has the client include a "magic" cipher suite in its
hello message to let the server know it is patched and can therefore
negotiate one of the new "p" versions.

If the server is unpatched, it will ignore the magic cipher suite
and continue as normal.  But if it is patched, then there needs to
be an unambiguous way to signal that it has selected a "p" version.
Using the server version in the ServerHello is a natural place to
put that.

My suggestion is to set the upper bit of the minor version field.
This provides a clear and unmistakable signal to the client, and is
completely contained within the 0x03 major version number space.  Is
it a "hack", yeah, but it's entirely reasonable.

Repurposing the Certificate message seems like WAYYYY more of a hack
than this!

This is also entirely forward-compatible.  The next published version
of TLS would be "TLS 4.0" {0x04,0x00}, which is greater than any of
the existing versions and also the "p" versions if the minor version
signals them.

Mike

Follow-Ups:
- [TLS] Protocol version bit to use, was Justification for "Ugly Dirty Hack"
  - From: Bill Frantz
- Re: [TLS] Justification for "Ugly Dirty Hack"
  - From: Stefan Santesson

References:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Stefan Santesson
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Marsh Ray

Prev by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Previous by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Justification for "Ugly Dirty Hack"
Index(es):
- Date
- Thread

[TLS] Justification for "Ugly Dirty Hack"

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.