Re: [TLS] Call for acceptance of draft-moeller-tls-downgrade-scsv

Geoffrey Keating <geoffk@geoffk.org> Fri, 24 January 2014 23:15 UTC

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <20140124210534.C77871ABCA@ld9781.wdf.sap.corp> <52E2DA85.4010705@fifthhorseman.net>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Fri, 24 Jan 2014 15:14:59 -0800
In-Reply-To: <52E2DA85.4010705@fifthhorseman.net>
Message-ID: <m2ha8tynt8.fsf@localhost.localdomain>

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> By transmitting this SCSV, the client is saying to the server "just so
> you know, i tried a better protocol, but it didn't work -- if you meant
> to accept better protocols, then someone is messing with us, please abort."

Another way to phrase this is that the client is saying "I think you
are an old buggy server.  If you think you are not an old buggy
server, please abort."

The implicit assumption is that there will not be new buggy servers.
I think that's the greatest weakness of this concept.
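
The following sketch is an added example, not part of the original message or of the draft's text. It models the server-side check the SCSV asks for and a client that retries with lower versions, so the "new buggy server" case raised above can be seen next to the downgrade case the SCSV is meant to catch. The value 0x5600 and the alert name `inappropriate_fallback` are those later published in RFC 7507; the class, function and parameter names are assumptions made for this illustration.

```python
# Added illustration: a toy model of the fallback SCSV, not a TLS implementation.
TLS_FALLBACK_SCSV = 0x5600      # signalling cipher-suite value (RFC 7507)
AES128_SHA = 0x002F             # an ordinary suite, usable with every version below

# Protocol versions as (major, minor) wire values
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)
VERSIONS = [TLS12, TLS11, TLS10]  # client preference, best first


class Server:
    def __init__(self, highest, intolerant_of=()):
        self.highest = highest                    # best version the server believes it supports
        self.intolerant_of = set(intolerant_of)   # hello versions it mishandles (the bug)

    def handle_hello(self, client_version, cipher_suites):
        if client_version in self.intolerant_of:
            return "connection_failure"           # buggy path: handshake just dies
        if TLS_FALLBACK_SCSV in cipher_suites and self.highest > client_version:
            return "inappropriate_fallback"       # "I am not an old server": abort
        return ("negotiated", min(client_version, self.highest))


def client_connect(server, versions=VERSIONS, network=lambda v: True):
    """Try versions best-first and send the SCSV on every retry.

    network(v) returns False when something on the path drops a hello of
    version v (hypothetical hook used to model interference).
    """
    for attempt, version in enumerate(versions):
        suites = [AES128_SHA] + ([TLS_FALLBACK_SCSV] if attempt > 0 else [])
        if not network(version):
            continue                              # hello lost: indistinguishable from intolerance
        result = server.handle_hello(version, suites)
        if result == "connection_failure":
            continue                              # assume version intolerance, fall back
        return result                             # negotiated, or a fatal alert
    return "connection_failure"
```

A server that believes it supports TLS 1.2 but mishandles TLS 1.2 hellos returns `inappropriate_fallback` on the client's retry, so that client can never connect; this is the outcome the message's last paragraph is concerned with.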