[saag] The real Heartbleed problem
Phillip Hallam-Baker <hallam@gmail.com> Fri, 11 April 2014 12:21 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05E431A0689 for <saag@ietfa.amsl.com>; Fri, 11 Apr 2014 05:21:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHLuThNypZVx for <saag@ietfa.amsl.com>; Fri, 11 Apr 2014 05:21:11 -0700 (PDT)
Received: from mail-la0-x235.google.com (mail-la0-x235.google.com [IPv6:2a00:1450:4010:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id 3D0291A0235 for <saag@ietf.org>; Fri, 11 Apr 2014 05:21:11 -0700 (PDT)
Received: by mail-la0-f53.google.com with SMTP id b8so3457891lan.12 for <saag@ietf.org>; Fri, 11 Apr 2014 05:21:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=PcIXNGxw97/Mnu+PbI7XMZ6zPAm4ChM4trHJluvKxu4=; b=FEH4nn1w87TLrDWAjyw+ZmbHg6PUzYxa/WI2EXb00jJ4aMXZUnfhkhKESLRw0l3eoq /YlBRdBjN8blxibGHBhyDeDuvxHWyxfuvI97lYx/VskrlsMLAiE78OP1GLO1iVWvPsZQ JfFngawRkzuRjlRfouwmt0CnEzYFpTTXBafIIauvyXZDYA/+x+REAnH4aRLYkvMKWAA/ cxYectVtep1meQrrcdmqj+KwrWIZAEGZ9HRU1DR9Vz4TDeJpE7oVgmGjft4KidS3aiPM dO+s/lTp9ZgYoAcbauhekm2vRQQZMUtorcySNqAxQ3dQNqHs7p1yZ0wqpAvGz2kakObb m+Rw==
MIME-Version: 1.0
X-Received: by 10.153.11.163 with SMTP id ej3mr16486019lad.17.1397218869183; Fri, 11 Apr 2014 05:21:09 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Fri, 11 Apr 2014 05:21:09 -0700 (PDT)
Date: Fri, 11 Apr 2014 08:21:09 -0400
Message-ID: <CAMm+Lwi0th8yBk8bW8y3z7t4nY+1unHgMhrzP4wx_KgZYPXyQQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "saag@ietf.org" <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/qjsw3Xlpq2_H9MtVFjgBFyg7eBA
Subject: [saag] The real Heartbleed problem
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 12:21:16 -0000
Right now we have two billion users being told to 'change their passwords' and it will do them absolutely no good because virtually none of the servers they are contacting with their new password will have been updated. The fundamental problem here is that we are using disclosure of bearer tokens as authentication. Passwords and cookies are both terrible ways to authenticate users. There are two parts to this problem, one of them is to get a password validation mechanism into HTML that does not disclose the password to the other side. The other is how to gradually end use of cookies for authentication. The way to do that is to offer an extension to cookies that allows a server to offer a challenge-response option to the client. If the client supports this option it will only present a proof of knowledge of the authentication secret and not the authentication secret itself. Combined with appropriate defenses against replay attacks, and TLS channel binding this can be made a very solid approach. But we are not going to get good security if people are relying on transport layer encryption to secure passwords. https://datatracker.ietf.org/doc/draft-hallambaker-httpsession/ -- Website: http://hallambaker.com/
- [saag] The real Heartbleed problem Phillip Hallam-Baker