IETF Logo Mail Archive

Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-renegotation: next steps

"Kemp, David P." <DPKemp@missi.ncsc.mil> Wed, 16 December 2009 20:01 UTC

Return-Path: <DPKemp@missi.ncsc.mil>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B11953A6900 for <tls@core3.amsl.com>; Wed, 16 Dec 2009 12:01:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.799
X-Spam-Level:
X-Spam-Status: No, score=-5.799 tagged_above=-999 required=5 tests=[AWL=0.800, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhZgWe0bPvSN for <tls@core3.amsl.com>; Wed, 16 Dec 2009 12:01:34 -0800 (PST)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by core3.amsl.com (Postfix) with ESMTP id C15893A67F3 for <tls@ietf.org>; Wed, 16 Dec 2009 12:01:34 -0800 (PST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 16 Dec 2009 15:00:39 -0500
Message-ID: <200912162001.nBGK1K4I028293@stingray.missi.ncsc.mil>
In-Reply-To: <4B292A00.5020901@extendedsubset.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [POSSIBLE SPAM] Re: [TLS] draft-ietf-tls-renegotation: next steps
Thread-Index: Acp+f7COvwxtpENISPu5YWrLxwi2EQAArVJw
References: <200912161658.nBGGwZDb003213@fs4113.wdf.sap.corp> <4B292A00.5020901@extendedsubset.com>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: tls@ietf.org
X-OriginalArrivalTime: 16 Dec 2009 20:01:42.0578 (UTC) FILETIME=[964E4920:01CA7E8A]
Subject: Re: [TLS] [POSSIBLE SPAM] Re: draft-ietf-tls-renegotation: next steps
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 20:01:35 -0000

Martin's text contradicts the AD's decision ...

Pasi wrote:
> - There was some discussion on whether to add the magic cipher suite
> to patched renegotiation ClientHellos (in addition to the extension),
> too. I believe rough consensus is not to do this.

In addition, the logic of not permitting RI unless some other extension
is used is dubious.  A client with no need to cater to servers that are
both broken and unpatched should not be forced to gin up some other
extension just so it will be allowed to send an empty RI.

Put me down in favor of the existing text:

>    TLS clients which support this draft MUST generate either the
>    "renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST
>    cipher suite with every ClientHello.

... with possible addition of "or both" just to be perfectly clear that
"either" means or, not exclusive-or.

Dave


-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of
Marsh Ray
Sent: Wednesday, December 16, 2009 1:42 PM
To: mrex@sap.com
Cc: tls@ietf.org
Subject: [POSSIBLE SPAM] Re: [TLS] draft-ietf-tls-renegotation: next
steps
Importance: Low

Martin Rex wrote:
> 
> One possible semantic that would address my technical issues
> would be along these lines:
> 
>    All conforming Clients MUST include the cipher suite value
>    TLS_RENEGO_PROTECTION_REQUEST in the cipher_suites list of _every_
>    ClientHello handshake message they send.  This includes clients
that
>    do not implement renegotiation or have it disabled.  This cipher
>    suite value MAY appear anywhere in the cipher_suites list.
> 
>    Conforming clients that compose an initial ClientHello handshake
>    messages with other TLS extensions, MAY additionally include
>    an empty TLS extension "renegotiation_info".

Current wording
http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01
>    TLS clients which support this draft MUST generate either the
>    "renegotiation_info" extension or the TLS_RENEGO_PROTECTION_REQUEST
>    cipher suite with every ClientHello.

I expect it will be reiterated in the next revision.

How does this not address the fundamental issue?

(Other than it doesn't provide assistance to an implementation which
chooses to conduct an insecure negotiation and subsequent insecure
renegotiation with an old unpatched extensions-intolerant server).

And if not, does anyone propose wording that substantially improves it
without changing the current cryptographic computations (e.g., the PRF
inputs)?

Short and to the point please!

- Marsh

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email