On 07/12/13 17:55, Adam Langley wrote:
> On Sat, Dec 07, 2013 at 02:31:29PM +0000, Ralf Skyper Kaiser wrote:
>> To let old browsers connect to a host most hosts will support
>> weak or broken ciphers for the foreseeable future.
>>
>> A feature to pin the CIPHER SUITE would be desirable.
> What attacks do you believe will be prevented by this? TLS has cipher
> suite negotiation so weak ciphersuites will only be used if it's the
> best that the client and server support.
>
> TLS negotiation can be somewhat subverted by version fallback, as
> implemented in browsers, because certain cipher suites depend on a
> minimal TLS version. (I.e. AES-GCM needs 1.2 and ECDHE suites need 1.0.)
>
> However the solution to that is to solve fallback issues. We've tried
> just requiring certain TLS versions for servers that we know support it
> and that didn't work because there are lots of buggy MITM boxes. So I'm
> trying an SCSV now:
> https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
Hm, just a quick thought: I am not sure that the main mechanism of the ID
of merely "the client indicating that the current connection attempt is
only a fallback" is sufficient to protect against downgrading. It could
help a little, but is potentially limited, as evil MitM boxes can
potentially strip out parameters from the requests. E.g. Moxie's SSL strip
tool does already strip out various HTTP headers, secure cookie flags, etc.

Having said that, I can still see that SCSV could be useful.

Just my 5 cents,
Tobias

PS: IMHO the benefit of pinning would be that once you have the pin, your
browser is resistant to downgrading as it _knows_ that stronger
versions/algorithms are in fact available. It might actually even be
worthwhile considering to have both SCSV and pinning in tandem.

>
> Cheers
>
> AGL
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
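The exchange above describes three moving parts: browsers that retry a failed handshake at a lower protocol version, the server-side rule from the downgrade-SCSV draft (refuse a fallback attempt whose version is below the best the server supports), and the worry that a box in the middle could simply remove the signal. The model below is an added illustration, not code from the draft, from any browser, or from any TLS stack. It reduces a handshake to a version and a cipher list, represents the middlebox as a function that may drop or edit a ClientHello, and models the Finished-message check as a hash over the ClientHello bytes, since in TLS the Finished MACs cover the full handshake transcript as each side saw it. The SCSV value 0x5600 is the one later assigned in RFC 7507 (the published form of the draft); the cipher suite numbers are real IANA values, the scenario names and helper functions are assumptions of this example.

```python
"""Toy model of TLS version fallback and the downgrade SCSV (added example)."""
import hashlib
from dataclasses import dataclass

SSL30, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
TLS_FALLBACK_SCSV = 0x5600   # value assigned in RFC 7507; the draft on the list may differ
AES128_GCM_SHA256 = 0x009C   # needs TLS 1.2, as AGL notes for AES-GCM
AES128_CBC_SHA = 0x002F      # usable from SSL 3.0 upwards


@dataclass(frozen=True)
class ClientHello:
    version: tuple
    cipher_suites: tuple

    def encode(self) -> bytes:
        """Deterministic serialisation: this is what the Finished hash covers."""
        return bytes(self.version) + b"".join(s.to_bytes(2, "big") for s in self.cipher_suites)


def transcript_hash(hello: ClientHello) -> str:
    return hashlib.sha256(hello.encode()).hexdigest()


def server_respond(hello: ClientHello, server_max: tuple) -> dict:
    """Server side of the SCSV rule: a fallback marker together with a version
    below the best the server supports means an earlier, better attempt was
    interfered with, so the server refuses instead of negotiating down."""
    if TLS_FALLBACK_SCSV in hello.cipher_suites and hello.version < server_max:
        return {"alert": "inappropriate_fallback"}
    version = min(hello.version, server_max)
    offered = [s for s in hello.cipher_suites if s != TLS_FALLBACK_SCSV]
    # GCM is only selectable once TLS 1.2 has actually been negotiated.
    chosen = next((s for s in offered if version >= TLS12 or s != AES128_GCM_SHA256), None)
    if chosen is None:
        return {"alert": "handshake_failure"}
    return {"version": version, "cipher": chosen, "finished": transcript_hash(hello)}


def client_connect(server_max: tuple, network, use_scsv: bool = True) -> dict:
    """Browser-style fallback: try the highest version; if the attempt gets no
    reply, retry one version lower, marking every retry with the SCSV."""
    attempts = []
    for i, version in enumerate((TLS12, TLS11, TLS10, SSL30)):
        suites = [AES128_GCM_SHA256, AES128_CBC_SHA]
        if i > 0 and use_scsv:
            suites.append(TLS_FALLBACK_SCSV)
        hello = ClientHello(version, tuple(suites))
        seen = network(hello)                  # what the server actually receives
        if seen is None:                       # attempt swallowed on the path; fall back
            attempts.append((version, "dropped"))
            continue
        reply = server_respond(seen, server_max)
        if "alert" in reply:
            attempts.append((version, reply["alert"]))
            return {"result": reply["alert"], "attempts": attempts}
        # Finished verification: both ends must have hashed the same ClientHello.
        if reply["finished"] != transcript_hash(hello):
            attempts.append((version, "finished_mismatch"))
            return {"result": "bad_record_mac", "attempts": attempts}
        attempts.append((version, "ok"))
        return {"result": "connected", "version": reply["version"],
                "cipher": reply["cipher"], "attempts": attempts}
    return {"result": "no_common_version", "attempts": attempts}


# Constructed "network" behaviours standing in for what sits between client and server.
def honest(hello):
    return hello


def drops_tls12(hello):
    """Anything that swallows TLS 1.2 ClientHellos: a buggy middlebox does this by
    accident, an active attacker on purpose; the client cannot tell which."""
    return None if hello.version >= TLS12 else hello


def strips_scsv(hello):
    """Drops 1.2 attempts and also edits the SCSV out of the retried ClientHello."""
    if hello.version >= TLS12:
        return None
    return ClientHello(hello.version, tuple(s for s in hello.cipher_suites if s != TLS_FALLBACK_SCSV))


def scenarios() -> dict:
    return {
        "clean": client_connect(TLS12, honest),
        "old_server_behind_buggy_box": client_connect(TLS11, drops_tls12),
        "downgrade_without_scsv": client_connect(TLS12, drops_tls12, use_scsv=False),
        "downgrade_with_scsv": client_connect(TLS12, drops_tls12),
        "downgrade_scsv_stripped": client_connect(TLS12, strips_scsv),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

Two of the scenarios carry the thread's argument. With `use_scsv=False` the retry against a TLS 1.2 server succeeds at TLS 1.1 with a CBC suite, which is the downgrade AGL describes; with the SCSV the same server answers the retry with `inappropriate_fallback`, while the genuinely old server behind a buggy box still connects at 1.1 because no better version was on offer. The last scenario models the concern in Tobias's message: removing the marker from the retried ClientHello gets past the server's version check, but the ClientHello the server hashed no longer matches the one the client sent, so the handshake fails at Finished verification rather than completing at the lower version.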
