[TLS] backwards compatiblity philosophy and MCSV (was Re: Last Call: draft-ietf-tls-renegotiation)
Chris Newman <Chris.Newman@Sun.COM> Fri, 04 December 2009 23:54 UTC
Return-Path: <Chris.Newman@Sun.COM>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47B8E3A6A73 for <tls@core3.amsl.com>; Fri, 4 Dec 2009 15:54:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mwldNdbhgkW for <tls@core3.amsl.com>; Fri, 4 Dec 2009 15:54:32 -0800 (PST)
Received: from sca-es-mail-2.sun.com (sca-es-mail-2.Sun.COM [192.18.43.133]) by core3.amsl.com (Postfix) with ESMTP id 5C3AB3A6A6F for <tls@ietf.org>; Fri, 4 Dec 2009 15:54:28 -0800 (PST)
Received: from fe-sfbay-10.sun.com ([192.18.43.129]) by sca-es-mail-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id nB4NsJHw014337 for <tls@ietf.org>; Fri, 4 Dec 2009 15:54:19 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from conversion-daemon.fe-sfbay-10.sun.com by fe-sfbay-10.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) id <0KU500D00JIPT700@fe-sfbay-10.sun.com> for tls@ietf.org; Fri, 04 Dec 2009 15:54:19 -0800 (PST)
Received: from [10.1.110.5] ([unknown] [10.1.110.5]) by fe-sfbay-10.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) with ESMTPSA id <0KU500ASVJQG6QB0@fe-sfbay-10.sun.com>; Fri, 04 Dec 2009 15:54:18 -0800 (PST)
Date: Fri, 04 Dec 2009 15:54:16 -0800
From: Chris Newman <Chris.Newman@Sun.COM>
Sender: Chris.Newman@Sun.COM
To: mrex@sap.com
Message-id: <5B460507C5B45BE8C29D4E33@446E7922C82D299DB29D899F>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
Cc: tls@ietf.org
Subject: [TLS] backwards compatiblity philosophy and MCSV (was Re: Last Call: draft-ietf-tls-renegotiation)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2009 23:54:33 -0000
--On December 2, 2009 20:30:09 +0100 Martin Rex <mrex@sap.com> wrote: > I wrote up my proposal after realizing that some people just did > not care about the obvious and serious disruptive nature for the > interoperability in productive environments and existing usage scenarios > of the original proposal which contained this: > > 4.3. SSLv3 > > SSLv3 does not support extensions and thus it is not possible to > securely renegotiate with SSLv3. The crux of the philosophical difference we are having is how we treat backwards compatibility. My position: 1. Backwards compatibility with IETF standards track RFCs is important. 2. Backwards compatibility with widely deployed critical software is important, although there are caveats if that software/maker demonstrated bad faith or if the accommodation mechanism is too expensive or heuristic. 3. Other forms of backwards compatibility are usually a bad thing. They create code bloat and specification complexity that increases maintenance cost, necessary domain expertise training costs, and allows the standard to drift away from a clean architecture into a jumble of special cases. Also rewarding vendors that ship incompliant implementations by accommodating them by default simply leads to more incompliant implementations and standards drift which is bad for consumers and the industry. I'm now convinced there's enough SSLv3 out there that it falls into category 2, so the old section 4.3 was not acceptable -- we at least need to allow the RI extension to be added to SSLv3 implementations. But extensions-intolerant servers fall into category 3 in my estimation unless I see compelling evidence they fall in category 2. I used to be more willing to move things to category 2 when doing design work. But after experiencing staff contractions during the tech bubble burst and recent recession, the cost of backwards compatibility baggage has become so clear to me that I set a high bar to put anything in category 2. Also I place a high value on extension mechanisms as every successful IETF protocol that lacked one eventually had to add it as a core protocol feature (POP, SMTP, TLS, LDAP, etc). A protocol without clean extensibility is at best mis-designed and the sooner that is fixed, the better for all consumers of the protocol. You seem to believe backwards compatibility is unquestionably a good thing, at least when fixing a security vulnerability. We disagree on that point and I'm not likely to change my philosophy given my experience. Right now I oppose MCSV but can live with the compromise in draft-ietf-tls-renegotiation-01 because I can choose not to generate that special case in my software and believe it will eventually go away. If you want my support for MCSV, provide sufficient evidence to convince me that extensions-intolerant SSLv3 servers fall into category 2. Otherwise we simply hold different positions and further discussion is pointless. - Chris
- [TLS] backwards compatiblity philosophy and MCSV … Chris Newman
- Re: [TLS] backwards compatiblity philosophy and M… Marsh Ray
- Re: [TLS] backwards compatiblity philosophy and M… Nelson B Bolyard