On 04/07/2016 06:36 AM, Alex Bligh wrote:
> On 7 Apr 2016, at 13:13, Alex Bligh <a...@alex.org.uk> wrote:
>> I guess it's worth documenting
>> this, though I thought it was obvious.
> The next version will have this section:
> ### Downgrade attacks
> A danger inherent in any scheme       relying on the negotiation

too much space

> of whether TLS should be employed is downgrade attacks.
> There are two main dangers:
> * A Man-in-the-Middle (MitM) hijacks a session and impersonates
>   the server (possibly by proxying it) claiming       not to support
>   TLS. In this manner, the client is confused into operating
>   in a plain-text manner with the MitM (with the session possibly
>   being       proxied in plain-text to the server using the method
>   below).

looks like too much space is a problem in general in this rough draft;
I'll quit pointing it out and assume you will reflow before final

> * The MitM hijacks a session and impersonates the client
>   (possibly by proxying       it) claiming not to support TLS. In
>   this manner the server is confused into operating in a plain-text
>   manner with the MitM (with the session being possibly
>   proxied to the server with the method above).


> With regard to the first, any client that does not wish
> to be subject to potential downgrade attack SHOULD ensure
> that if       a TLS endpoint is specified by the client, it
> ensures       that TLS is negotiated prior to sending or
> requesting sensitive data. To recap, the client MAY send
> `NBD_OPT_STARTTLS` at any point       during option haggling,
> and MAY       disconnect the session if `NBD_REP_ACK` is not
> provided.

Probably want to add: "but the client SHOULD strongly consider sending
`NBD_OPT_STARTTLS` as its first option"

> With regard to the second, any server that does       not wish
> to be subject to a potential downgrade attack SHOULD either
> use FORCEDTLS mode, or       should force TLS on those exports
> it is concerned about using SELECTIVE mode and TLS-only
> exports. It is not possible to avoid downgrade attacks
> on exports which may be served either via TLS or
> in plain text.

Probably want to add: "OPTIONALTLS mode SHOULD NOT be used if there is a
potential for man-in-the-middle attacks"

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
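
The client-side rule discussed in this message (send `NBD_OPT_STARTTLS` first, and disconnect unless `NBD_REP_ACK` comes back) can be sketched as follows. This is an added example, not code from the mail or from the NBD project; the numeric constants are taken from the NBD protocol document rather than from this message, and the function names and sample replies are hypothetical.

```python
import struct

# Wire values from the NBD protocol document (assumption: not stated in the mail).
IHAVEOPT = 0x49484156454F5054        # client option magic, ASCII "IHAVEOPT"
REPLY_MAGIC = 0x3E889045565A9        # server option-reply magic
NBD_OPT_STARTTLS = 5
NBD_REP_ACK = 1
NBD_REP_ERR_UNSUP = (1 << 31) | 1    # "option not supported"


class DowngradeRefused(Exception):
    """TLS was required but the peer did not acknowledge STARTTLS."""


def starttls_request() -> bytes:
    # magic (64 bit), option (32 bit), data length (32 bit); STARTTLS has no data
    return struct.pack(">QII", IHAVEOPT, NBD_OPT_STARTTLS, 0)


def parse_option_reply(buf: bytes):
    if len(buf) < 20:
        raise ValueError("short option reply")
    magic, opt, rtype, length = struct.unpack(">QIII", buf[:20])
    if magic != REPLY_MAGIC:
        raise ValueError("bad option-reply magic")
    if len(buf) - 20 < length:
        raise ValueError("truncated reply payload")
    return opt, rtype, buf[20:20 + length]


def next_step(reply: bytes, tls_required: bool) -> str:
    """Decide what the client does after sending STARTTLS as its first option."""
    opt, rtype, _ = parse_option_reply(reply)
    if opt == NBD_OPT_STARTTLS and rtype == NBD_REP_ACK:
        return "tls-handshake"       # nothing sensitive was sent before this point
    if tls_required:
        # The client cannot tell a server without TLS from a proxy stripping it,
        # so any non-ACK reply ends the session.
        raise DowngradeRefused(f"reply type {rtype:#x} to NBD_OPT_STARTTLS")
    return "plaintext"


# Constructed sample replies (not captured traffic).
ACK = struct.pack(">QIII", REPLY_MAGIC, NBD_OPT_STARTTLS, NBD_REP_ACK, 0)
UNSUP = struct.pack(">QIII", REPLY_MAGIC, NBD_OPT_STARTTLS, NBD_REP_ERR_UNSUP, 0)
```
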
