IETF Logo Mail Archive

Re: [certid] review of draft-saintandre-tls-server-id-check-09

Martin Rex <mrex@sap.com> Fri, 24 September 2010 15:11 UTC

Return-Path: <mrex@sap.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 644B63A6A94 for <certid@core3.amsl.com>; Fri, 24 Sep 2010 08:11:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.812
X-Spam-Level:
X-Spam-Status: No, score=-9.812 tagged_above=-999 required=5 tests=[AWL=0.437, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0N9FErdgoHno for <certid@core3.amsl.com>; Fri, 24 Sep 2010 08:10:52 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by core3.amsl.com (Postfix) with ESMTP id 5A2993A6AAD for <certid@ietf.org>; Fri, 24 Sep 2010 08:10:50 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o8OFBG3O006274 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 24 Sep 2010 17:11:21 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201009241511.o8OFBFO9005613@fs4113.wdf.sap.corp>
To: matt@mattmccutchen.net (Matt McCutchen)
Date: Fri, 24 Sep 2010 17:11:14 +0200 (MEST)
In-Reply-To: <1285305244.1939.353.camel@mattlaptop2.local> from "Matt McCutchen" at Sep 24, 10 01:14:04 am
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal08
X-SAP: out
Cc: certid@ietf.org
Subject: Re: [certid] review of draft-saintandre-tls-server-id-check-09
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 15:11:00 -0000

Matt McCutchen wrote:
> 
> On Thu, 2010-09-23 at 03:48 +0200, Martin Rex wrote:
> > 
> > Thinking about it, I feel slightly uneasy about some redirects, such as
> > https://gmail.com  -> 301 ->  https://mail.google.com/mail
> 
> The point from the draft was about a service that maps source domains to
> target domains.  A HTTP redirect is different: it is an instruction to
> restart the process with a new source domain.


Admittedly, the processing of redirects happens at application software
layers higher up the stack and for seperate TLS handshakes, whereas
server endpoint identification is performed for a single TLS-Handshake
directly above TLS.  But that does not mean that there is no security
problem.


I'm trying to describe this behaviour in real world terms, maybe
it becomes clearer that way.


The current "server endpoint identification" would mean for the
real world that you perform the matching when you enter the
building (a store, gov. agency, bank, hotel, ...), and from
that point on, blindly trust everything what happens to you.

Now imagine a subsidiary of Western Union on an exceptionally
busy time of the day with several people waiting in line
waiting to arrage for a money order with cash they're carrying.

Someone approaches a customer waiting in line and tells him
that they've set up an additional teller in a camping truck
across the street where they can place their money order.
The browser behaviour, to blindly following 301 to other
servers without second thoughts is a serious security problem.


The problem arises because of the complete disconnect between the
authentication (or its weak server identification substitute) of
an area (or building) on entrance and the expectation what kind
of protection this actually provides on the valuable/sensitive/confidential
data of the end user.


This is much less an issue of vulnerabilities in terms of probabilistic
infeasibility, but instead a matter of sensible risk management.
Server endpoint identification performed by current browsers,
even when performed technically as described in the current draft,
provides an extremely false sense of security to the end user.

The "secure link" between the end users intention (who supplied
https://gmail.com) and what the browser actually does
(blindly follow the redirect to https://mail.google.com) is missing.
The reference identifier that is passed into the server endpoint
identification for the TLS handshake performed with https://mail.google.com
results from an untrusted name transformation, and this
is very relevant for the security considerations of this I-D.


Getting trust decisions right is *much* harder than encrypting and
integrity protecting communication data or performing certificate
path validations.


-Martin

v2.8.7 | Report a Bug | By Email