IETF Logo Mail Archive

Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

"Steingruebl, Andy" <asteingruebl@paypal-inc.com> Tue, 09 November 2010 05:30 UTC

Return-Path: <asteingruebl@paypal-inc.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9755D3A6905 for <tls@core3.amsl.com>; Mon, 8 Nov 2010 21:30:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.117
X-Spam-Level:
X-Spam-Status: No, score=-5.117 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id prgswhUoNFCb for <tls@core3.amsl.com>; Mon, 8 Nov 2010 21:30:14 -0800 (PST)
Received: from den-mipot-002.corp.ebay.com (den-mipot-002.corp.ebay.com [216.113.175.153]) by core3.amsl.com (Postfix) with ESMTP id 83EF93A68EC for <tls@ietf.org>; Mon, 8 Nov 2010 21:30:08 -0800 (PST)
DomainKey-Signature: s=ppinc; d=paypal-inc.com; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To:CC: Date:Subject:Thread-Topic:Thread-Index:Message-ID: References:In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:acceptlanguage: x-ems-proccessed:x-ems-stamp:Content-Type: Content-Transfer-Encoding:MIME-Version:X-CFilter; b=ru14XfU7dMT5Ztn1yZWg2TA253gXJapDSdvmGF5NAWFiiFnP82RlWqAe 3uKPIZxYGc/WtbSEK6qYbASkHDnROSV/954kpoSB7wf2Zga2nUWL9RIly zZPFOe0BwTrHnfl;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=paypal-inc.com; i=asteingruebl@paypal-inc.com; q=dns/txt; s=ppinc; t=1289280637; x=1320816637; h=from:to:cc:date:subject:message-id:references: in-reply-to:content-transfer-encoding:mime-version; z=From:=20"Steingruebl,=20Andy"=20<asteingruebl@paypal-inc .com>|To:=20Bill=20Frantz=20<frantz@pwpconsult.com>,=20Ma rsh=20Ray=20<marsh@extendedsubset.com>|CC:=20"tls@ietf.or g"=20<tls@ietf.org>|Date:=20Mon,=208=20Nov=202010=2022:30 :28=20-0700|Subject:=20RE:=20[TLS]=20Security=20concerns =20around=20co-locating=20TLS=20and=20non-secure=0D=0A=09 on=20same=20port=20(WGLC:=20draft-ietf-tsvwg-iana-ports-0 8)|Message-ID:=20<5EE049BA3C6538409BBE6F1760F328ABEB184BD 192@DEN-MEXMS-001.corp.ebay.com>|References:=20<4CD8B412. 2070402@extendedsubset.com>=0D=0A=20<r314ps-1064i-D51EC84 6197943E9A42B2326D660B8B1@Bill-Frantzs-MacBook-Pro.local> |In-Reply-To:=20<r314ps-1064i-D51EC846197943E9A42B2326D66 0B8B1@Bill-Frantzs-MacBook-Pro.local> |Content-Transfer-Encoding:=20quoted-printable |MIME-Version:=201.0; bh=2Zfq8k0GWUZn6cBawrwbLcQRI+TWxQVUP5IKvdwf5d4=; b=Ie4fY18Csak/G4FiI7R0NbkWvn2Kw1Fkhxa1oTKFzllZ23vYEAlGmV6l gl+k9Lcco+w37i7kzUlWqG9Twa1/C2F8P8OGdrqurcEUq94c1mnOFJwE3 GMtkO6Ri1PuIbTz;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="4.59,173,1288594800"; d="scan'208";a="72967725"
Received: from den-vtenf-001.corp.ebay.com (HELO DEN-MEXHT-002.corp.ebay.com) ([10.101.112.212]) by den-mipot-002.corp.ebay.com with ESMTP; 08 Nov 2010 21:30:28 -0800
Received: from DEN-MEXMS-001.corp.ebay.com ([10.241.16.225]) by DEN-MEXHT-002.corp.ebay.com ([10.241.17.53]) with mapi; Mon, 8 Nov 2010 22:30:28 -0700
From: "Steingruebl, Andy" <asteingruebl@paypal-inc.com>
To: Bill Frantz <frantz@pwpconsult.com>, Marsh Ray <marsh@extendedsubset.com>
Date: Mon, 08 Nov 2010 22:30:28 -0700
Thread-Topic: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Thread-Index: Act/zlknQ6cT62/HRSObquiZgZWPSQAAI4HA
Message-ID: <5EE049BA3C6538409BBE6F1760F328ABEB184BD192@DEN-MEXMS-001.corp.ebay.com>
References: <4CD8B412.2070402@extendedsubset.com> <r314ps-1064i-D51EC846197943E9A42B2326D660B8B1@Bill-Frantzs-MacBook-Pro.local>
In-Reply-To: <r314ps-1064i-D51EC846197943E9A42B2326D660B8B1@Bill-Frantzs-MacBook-Pro.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-ems-proccessed: 10SqDH0iR7ekR7SRpKqm5A==
x-ems-stamp: dEIUcEEH7d3Q4rECJcVEcw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter: Scanned
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 05:30:16 -0000

> -----Original Message-----
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Bill
> Frantz
> 
> Is my home WiFi router pwned? How about the one at the airport?
> The one at the coffee shop where I know the owner? The one set up by the
> conference committee?

Some of us are actually trying to get some real stats on that.  We have existence proofs, but I don't have a likelihood measure.  

Anyone else working on getting those statistics?  Perhaps we can share data...

- Andy

v2.23.0 | Report a Bug | By Email