Re: [Syslog] Fingerprint/handshake
"Rainer Gerhards" <rgerhards@hq.adiscon.com> Mon, 26 May 2008 06:46 UTC
Return-Path: <syslog-bounces@ietf.org>
X-Original-To: syslog-archive@megatron.ietf.org
Delivered-To: ietfarch-syslog-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 27FF83A6B3A; Sun, 25 May 2008 23:46:01 -0700 (PDT)
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C20193A6859 for <syslog@core3.amsl.com>; Sun, 25 May 2008 23:45:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.289
X-Spam-Level:
X-Spam-Status: No, score=-2.289 tagged_above=-999 required=5 tests=[AWL=0.310, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NM6M732A-BEl for <syslog@core3.amsl.com>; Sun, 25 May 2008 23:45:57 -0700 (PDT)
Received: from mailin.adiscon.com (hetzner.adiscon.com [85.10.198.18]) by core3.amsl.com (Postfix) with ESMTP id 2B26D3A6B4D for <syslog@ietf.org>; Sun, 25 May 2008 23:45:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailin.adiscon.com (Postfix) with ESMTP id EC77E7AE2BC; Mon, 26 May 2008 08:45:53 +0200 (CEST)
Received: from mailin.adiscon.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xq4VKS0EKz0M; Mon, 26 May 2008 08:45:53 +0200 (CEST)
Received: from grfint2.intern.adiscon.com (p50989a7c.dip0.t-ipconnect.de [80.152.154.124]) by mailin.adiscon.com (Postfix) with ESMTP id A8DA57AE284; Mon, 26 May 2008 08:45:53 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 26 May 2008 08:45:54 +0200
Message-ID: <577465F99B41C842AAFBE9ED71E70ABA309090@grfint2.intern.adiscon.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE505DFD8E5@xmb-sjc-225.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Syslog] Fingerprint/handshake
Thread-Index: Aci597ZxZLhWgaMcSke8NLzWgHaUOAABInCQAT9t6xA=
References: <003901c8b9f7$b671959d$060013ac@intern.adiscon.com> <AC1CFD94F59A264488DC2BEC3E890DE505DFD8E5@xmb-sjc-225.amer.cisco.com>
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, syslog@ietf.org
Subject: Re: [Syslog] Fingerprint/handshake
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: syslog-bounces@ietf.org
Errors-To: syslog-bounces@ietf.org
Hi Joe, inline > -----Original Message----- > From: Joseph Salowey (jsalowey) [mailto:jsalowey@cisco.com] > Sent: Friday, May 23, 2008 8:21 PM > To: Rainer Gerhards; syslog@ietf.org > Subject: RE: [Syslog] Fingerprint/handshake > > The fingerprint check should be done where certificate validation would > be done. This is typically done within the handshake itself, I agree to this, but have found this to be problematic with some TLS libraries. Of course, that doesn't mean the standard needs to change, but I would still like to provide some implementation feedback. With GnuTLS, for example, you can do the final authentication only after the handshake [1]. With NSS, it can be done during the handshake. As of my understanding, OpenSSL does support it after the handshake only (but I have not actually used OpenSSL, this is based on my understanding after reading doc). This brings me to the conclusion that, at least in some environments I may be forced to delay the authentication check to after the handshake. > because if > the validation fails you do not want to send or receive data on the > connection. I suppose you could implement the check after the > handshake, but you need to make sure you do not send or receive > application before successful validation has occurred. This is where it gets really problematic. We get into a race condition here. Remember that syslog is simplex and works without any app-level acks (in -transport-tls). If the client authenticates the server, everything is fine. Authentication fails, client never sends data and the session is terminated. Everything is fine. But if the server authenticates the client (and authentication fails), the client will still receive the server's TLS Finished message. After that, the server drop connection. HOWEVER, the client blindly sending data doesn't know this until at least the second message sent (due to local buffering at the client). *After* some messages, the client gets a connection broken indication, but at this point it is too late to react intelligently. In essence, those messages sent after the initial handshake are lost. Even worse, the client "gets the impression" that the remote server is accepting its connection requests. This is because there is no failure indication after the handshake. This can lead to more frequent retries. This problem is rooted in the underlying plain tcp transport. I have described it in [2]. It's inherent to all plain tcp syslog implementations. RFC3195 is a cure for it. With TLS auth, it just gets to a new magnitude as it will now happen every time during a failed authentication. This is not a theoretic issue but one I can reliable reproduce in my lab with actual software. Actually, I am unable to NOT reproduce it - there is no work-around for this problem (at least I have found none). Again, I am not trying to say we need to change anything. I am providing real world feedback. It may be worth, however, adding a note or two to the I-D describing these issues. Rainer [1] http://lists.gnu.org/archive/html/help-gnutls/2008-05/msg00017.html (full conversation, long) [2] http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.ht ml _______________________________________________ Syslog mailing list Syslog@ietf.org https://www.ietf.org/mailman/listinfo/syslog
- [Syslog] Fingerprint/handshake Rainer Gerhards
- Re: [Syslog] Fingerprint/handshake Joseph Salowey (jsalowey)
- Re: [Syslog] Fingerprint/handshake Rainer Gerhards
- Re: [Syslog] Fingerprint/handshake Joseph Salowey (jsalowey)
- Re: [Syslog] Fingerprint/handshake Rainer Gerhards
- Re: [Syslog] Fingerprint/handshake Balazs Scheidler
- Re: [Syslog] Fingerprint/handshake Rainer Gerhards
- Re: [Syslog] Fingerprint/handshake tom.petch
- Re: [Syslog] Fingerprint/handshake Balazs Scheidler