Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
Ben Laurie <benl@google.com> Mon, 30 November 2009 00:08 UTC
Return-Path: <benl@google.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FA803A68C7 for <tls@core3.amsl.com>; Sun, 29 Nov 2009 16:08:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Level:
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBFovVXU+zsC for <tls@core3.amsl.com>; Sun, 29 Nov 2009 16:08:34 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.33.17]) by core3.amsl.com (Postfix) with ESMTP id D4D133A67A1 for <tls@ietf.org>; Sun, 29 Nov 2009 16:08:33 -0800 (PST)
Received: from wpaz33.hot.corp.google.com (wpaz33.hot.corp.google.com [172.24.198.97]) by smtp-out.google.com with ESMTP id nAU08PKN003960 for <tls@ietf.org>; Mon, 30 Nov 2009 00:08:25 GMT
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1259539706; bh=S3V0tW2QbyYZY5SPAaW3plLWi6w=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=dxVSH4iujfEEcr4tsvkilq8nw/8CwCXD7XgZ59OM8zYerhhAB4tjcoxi2ag8KKUgV yQEAkRRRyr/Bbucbf6DiA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:content-transfer-encoding:x-system-of-record; b=a7Dm+WzIBNydYt8Yg5npCaDbL2hRYHkDlgIU0qIDNpZtVyianehxyu12VpihFvqlO gW63Hlz8VEDqixanKQpXw==
Received: from yxe33 (yxe33.prod.google.com [10.190.2.33]) by wpaz33.hot.corp.google.com with ESMTP id nAU08LAh025265 for <tls@ietf.org>; Sun, 29 Nov 2009 16:08:22 -0800
Received: by yxe33 with SMTP id 33so2803599yxe.0 for <tls@ietf.org>; Sun, 29 Nov 2009 16:08:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.150.162.24 with SMTP id k24mr5997687ybe.98.1259539701667; Sun, 29 Nov 2009 16:08:21 -0800 (PST)
In-Reply-To: <C738601F.6C5D%stefan@aaa-sec.com>
References: <59FE2EFB-F8EC-489D-AFCE-3D3C29291ADF@apple.com> <C738601F.6C5D%stefan@aaa-sec.com>
Date: Sun, 29 Nov 2009 16:08:21 -0800
Message-ID: <1b587cab0911291608u2de654a4vf95dc9ff601dbdbb@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stefan Santesson <stefan@aaa-sec.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: Geoffrey Keating <geoffk@apple.com>, tls@ietf.org
Subject: Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2009 00:08:35 -0000
In 4, this says "Servers MUST treat receipt of TLS_RENEGO_PROTECTION_REQUEST exactly as if the client had sent an empty "renegotiation_info" extension" - presumably not _exactly_ - the hash calculation is different, right? In 5, "TLS clients which support this draft MUST generate either the"renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST cipher suite with every ClientHello" - because TLS_RENEGO_PROTECTION_REQUEST is equivalent to an empty extension it can only be used in the first ClientHello. 6.1, " However, it is expected that many TLS servers that do not support renegotiation (and thus are not vulnerable) will not support this extension either, so in general, such behavior would not work well." is pretty feeble - what do we suggest clients do in this case? Yeah, I've heard that some people don't want to change their implementations - so what? If they want to be nonconformant, that's their choice - we should not be encouraging that choice, though. 6.2 "In order to enable clients to probe, even servers which do not support renegotiation SHOULD implement the minimal version of the extension described in this document for initial handshakes, thus signalling that they have been upgraded." - SHOULD should be MUST. https://mail.google.com/mail/?zx=16yvh4iv244dd&shva=1#vftt_inbox/12513961f5f15eea On Sun, Nov 29, 2009 at 8:30 AM, Stefan Santesson <stefan@aaa-sec.com> wrote: > Geoffery, > > The current version of this draft is: > http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01 > It does no longer have the sections you refer to. > > /Stefan > > > On 09-11-29 4:27 AM, "Geoffrey Keating" <geoffk@apple.com> wrote: > >> Apple supports this draft, with the following modification: >> >> The draft does not address the security issue for existing clients unless it >> requires that renegotiation occur only when the extension is present. I >> suggest strengthening the language in 4.2 to read >> >> To prevent such attacks, servers MUST NOT allow clients who do not offer the >> "renegotiation_info" extension to complete a renegotiation. If the client >> initiated the renegotiation the server SHOULD respond to such requests with a >> "no_renegotiation" alert [RFC 5246 requires this alert to be at the "warning" >> level.] If the server initiated the renegotiation the fatal >> "handshake_failure" alert is appropriate. >> >> and delete the sentence 'Servers SHOULD follow this behaviour'. >> >> With this modification, section 4.1.1 is redundant and may be deleted. It is >> also possible to delete section 4.3 as with this modification, if the client >> is convinced to drop the extension, either servers support the draft and will >> refuse to renegotiate without the extension and are still secure, or don't >> support the draft and will ignore the extension, and so would be insecure >> anyway. >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Consensus Call for draft-ietf-tls-renegotia… Joseph Salowey (jsalowey)
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Nicolas Williams
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Robert Relyea
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Stefan Santesson
- [TLS] Another critical problem with RI Michael D'Errico
- Re: [TLS] Another critical problem with RI Michael D'Errico
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Robert Dugal
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Wan-Teh Chang
- Re: [TLS] Another critical problem with RI Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Nasko Oskov
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… David-Sarah Hopwood
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Michael D'Errico
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Stephen Farrell
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Florian Weimer
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Michael D'Errico
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Dr Stephen Henson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Ben Laurie
- Re: [TLS] Another critical problem with RI Stefan Santesson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Yoav Nir
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Nelson B Bolyard
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… peter.robinson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Peter Gutmann
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Simon Josefsson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Yngve Nysaeter Pettersen
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Pasi.Eronen
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Pasi.Eronen
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Stephen Farrell
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Michael D'Errico
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Stefan Santesson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Stefan Santesson
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Peter Gutmann
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… David-Sarah Hopwood
- Re: [TLS] Proposed change to draft-ietf-tls-reneg… Martin Rex
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Nikos Mavrogiannopoulos
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Bodo Moeller
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Geoffrey Keating
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Stefan Santesson
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Ben Laurie
- Re: [TLS] Consensus Call for draft-ietf-tls-reneg… Geoffrey Keating