Re: [hybi] Why not just use ssh?

Adam Barth <ietf@adambarth.com> Wed, 01 September 2010 20:49 UTC

On Wed, Sep 1, 2010 at 1:17 PM, Gabriel Montenegro <gmonte@microsoft.com> wrote:
>> > I might have missed that part of the discussion, but, if the server is replying to an Upgrade (perhaps over HTTPS) with a 101, and with a random nonce sent by the client, how is this vulnerable to a cross-protocol attack?
>>
>> Cross-protocol attacks are quite subtle and generally take years to uncover.
>> Your statement is roughly equivalent to "protocol XYZ uses encryption, it might
>> be secure against man-in-the-middle attacks, right?"
>
> Not sure how you made that jump. Along the lines of the above, your statement then could be claimed to be "roughly equivalent" to:
>
> "protocol XYZ uses TLS-NPN, obviously it will be impervious to as yet unknown and undiscovered attacks"
>
> Neither statement makes much sense, but luckily nobody's said either of the above. We design protocols based on plausible threat models. If we don't know all the attacks, then increased complexity is not necessarily the answer. Oftentimes it has the opposite effect.

I claim that the TLS+NPN protocol that I sent to the list earlier
resists cross-protocol attacks, which are a clear and plausible threat
model.  The security argument is fairly straightforward.

As for complexity, the TLS-only model is less complex than the
existing handshake, as evidenced by the fact that I would describe it
completely simply by deleting text from the current draft.

Adam