Re: [secdir] [TLS] secdir review of

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Fri, 24 September 2010 22:15 UTC

Return-Path: <jwkckid1@ix.netcom.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D3283A6AC0; Fri, 24 Sep 2010 15:15:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.464
X-Spam-Level:
X-Spam-Status: No, score=-1.464 tagged_above=-999 required=5 tests=[AWL=0.820, BAYES_00=-2.599, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0--0CpZLpnt; Fri, 24 Sep 2010 15:15:16 -0700 (PDT)
Received: from elasmtp-galgo.atl.sa.earthlink.net (elasmtp-galgo.atl.sa.earthlink.net [209.86.89.61]) by core3.amsl.com (Postfix) with ESMTP id 345863A6A91; Fri, 24 Sep 2010 15:15:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=ix.netcom.com; b=I8hsuBhNeUkoFqFeoP9Fn9By1K3xWOzCmQYrq/KFrNqN8WxY8PuGYwHceJsKTpWE; h=Message-ID:Date:From:Reply-To:To:Subject:Cc:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.42] (helo=elwamui-muscovy.atl.sa.earthlink.net) by elasmtp-galgo.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <jwkckid1@ix.netcom.com>) id 1OzGYK-00071t-8I; Fri, 24 Sep 2010 18:15:36 -0400
Received: from 99.93.224.206 by webmail.earthlink.net with HTTP; Fri, 24 Sep 2010 18:15:35 -0400
Message-ID: <7248432.1285366536103.JavaMail.root@elwamui-muscovy.atl.sa.earthlink.net>
Date: Fri, 24 Sep 2010 17:15:35 -0500 (GMT-05:00)
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: Robert Relyea <rrelyea@redhat.com>, mrex@sap.com
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: EarthLink Zoo Mail 1.0
X-ELNK-Trace: c8e3929e1e9c87a874cfc7ce3b1ad11381c87f5e51960688c2c6bf9cb4ca647aad8afc34653425aa350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.42
X-Mailman-Approved-At: Fri, 24 Sep 2010 18:36:44 -0700
Cc: tls@ietf.org, secdir@ietf.org, certid@ietf.org, iesg@ietf.org
Subject: Re: [secdir] [TLS] secdir review of
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 22:15:22 -0000

bob and all,

  I think Bob's exactly right here.  Thanks bob for being
so concise.  >:)


-----Original Message-----
>From: Robert Relyea <rrelyea@redhat.com>;
>Sent: Sep 24, 2010 5:00 PM
>To: mrex@sap.com
>Cc: tls@ietf.org, secdir@ietf.org, certid@ietf.org, iesg@ietf.org, barryleiba@computer.org, jhutz@cmu.edu
>Subject: Re: [TLS] [secdir] secdir review of
>
>On 09/24/2010 01:29 PM, Martin Rex wrote:
>> Peter Saint-Andre wrote:
>>   
>>> For context, the "quoted advice" is mostly a description of current
>>> usage in some existing user agents. Incorporating Barry's suggestions,
>>> that text currently reads as follows in our working copy:
>>>
>>>       Security Note: Some existing interactive user agents give advanced
>>>       users the option of proceeding despite an identity mismatch.
>>>       Although this behavior can be appropriate in certain specialized
>>>       circumstances, in general it ought to be exposed only to advanced
>>>       users and even then needs to be handled with extreme caution, for
>>>       example by first encouraging even an advanced user to terminate
>>>       the connection and, if the advanced user chooses to proceed
>>>       anyway, by forcing the user to view the entire certification path
>>>       and only then allowing the user to accept the certificate on a
>>>       temporary basis (i.e., for this connection attempt and all
>>>       subsequent connection attempts for the life of the application
>>>       session, but not for connection attempts during future application
>>>       sessions).
>>>     
>> This whole paragraph is evil and completely wrong.
>>
>> It's bad enough that the web browser crowds replaced a useful option
>> and important security feature with an extremely evil scary page.
>>   
>
>No, this paragraph is exactly what should happen. Click through dialogs
>are demonsterably useless. They train users to ignore them. The only
>place for them is if you decide that validation is not necessary.
>> Offering to end-users, in a single-time-only leap-of-faith approach similar
>> to what SSH has been successfully doing since its invention to memorize
>> the peers certificate is magnitudes more secure than the endpoint
>> identification linking to one of a hundred trust anchors, provisionally
>> preconfigured by your software supplier.
>>   
>SSH is good for small numbers of point to point connections where the
>user controls both sides. SSH model is not appropriate for the general
>population connection to millions of webservers. That is why SSH is used
>extensively in admin deployments (where the admin controls both
>machines) and is not used for e-commerce. If you want that semantic use
>SSH. If you want security for the masses, use SSL (with full PKI).
>
>
>[ case where SSL is being used for an SSH use case deleted]
>
>bob
>

Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 300k members/stakeholders and growing, strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com
Phone: 214-244-4827