Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jan 29, 2010, at 3:54 PM, Stefan Santesson wrote:

> The key is though that being liberal is only an option when this does not
> hurt security, and that is a tricky balance act.

I'm not sure why you say that. Marsh's example of HTML shows interop issues that came from being liberal that had nothing to do with security. Allowing SCSV + RI doesn't hurt security, but that's not an argument for allowing it.

> I totally agree in principle. However, if a renegotiating client sends a
> full RI extension with valid data AND the client also sends SCSV, then what
> security problem is introduced by allowing the renegotiation (i.e. Not
> aborting)

None.

> Hence, the "MUST abort" requirement seems like an unmotivated restriction.
> I'm not saying that we have to change the current draft, I'm just curious to
> understand the real benefits of this requirement.

I'm not convinced that there is a real benefit one way or the other. People have been disagreeing about which is better, but none of the arguments on either side have been very convincing.

> 
> 
>>> So This "MUST NOT" requirement will likely be
>>> ignored by some implementations.
>> 
>> They should expect the market to hold them accountable if problems result.
>> 
>> The implementers on this list have indicated they could produce
>> interoperable implementations of this spec. And they appear to have
>> proven it by demonstrating implementations which actually interoperate.
>> 
> 
> Again, based on what I have seen, I would not be surprised.
> I don't think being accountable to the market is a very strong threat if a
> safe adjustment to a more liberal processing helps customers to avoid
> interop problems while maintaining the security of the protocol.

It seems rather unlikely that disallowing SCSV + RI is going to cause interop problems. An implementor who hasn't bothered to read the 1700+ emails about this is going to determine pretty quickly that SCSV + RI is not in spec during normal testing if the MUST NOT was overlooked in the spec.

Given that there are no security concerns and the interop concerns seem pretty minor at best, it makes sense to me to publish and get the fix out sooner rather than spending another month arguing about something, that in the end, doesn't change the security guarantees of TLS.

-- 
Steve Checkoway




_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]