IETF Logo Mail Archive

Re: [TLS] The risk of misconfiguration

Yoav Nir <ynir.ietf@gmail.com> Thu, 08 May 2014 06:41 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B98371A0574 for <tls@ietfa.amsl.com>; Wed, 7 May 2014 23:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ooyvQHY6vvLe for <tls@ietfa.amsl.com>; Wed, 7 May 2014 23:41:09 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) by ietfa.amsl.com (Postfix) with ESMTP id 0B89C1A04DC for <tls@ietf.org>; Wed, 7 May 2014 23:41:08 -0700 (PDT)
Received: by mail-wi0-f176.google.com with SMTP id n15so7546337wiw.15 for <tls@ietf.org>; Wed, 07 May 2014 23:41:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SHaXX7hVihjrHWYFl4Q+v/+e8L8mj6d2oMjguuJrqt8=; b=c9CyASUcLeLDaJYvTxdAhgUkmlAeAucGvp8VhoLR/0HxfyUCA7K2jPcJU+zV3dRs4W UaOuEY2Z3I678GG6l7OTUMLcFo9W4XKmVymp3974PPRbPqE8HY+KVnl6iW2E8pvWmk6r 0i3e4LaOSOlAGX0LXgEsj68CZy1nASmqWYs3R2yRKje403/gpEBAdBXEesBUvrUedqjW OZmjPEKSKD8pZ9GlPQKBXqnxYfVrZBQLDUegQbqpPbzHz+T3Ew2aV2ih0FPa/wzH0gCU Mj4k66+wdK1Hijc6l3V/CA2t2GUb938hD9cHTKtlmdkpKhZKDmry5C5XuR7ylqK+GXE7 Ezqw==
X-Received: by 10.180.11.239 with SMTP id t15mr1893033wib.25.1399531264199; Wed, 07 May 2014 23:41:04 -0700 (PDT)
Received: from [172.24.249.242] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id fw13sm2103531wic.6.2014.05.07.23.41.03 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 07 May 2014 23:41:03 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C7130A13E47E@USMBX1.msg.corp.akamai.com>
Date: Thu, 08 May 2014 09:40:57 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <E78496F5-0992-4286-927C-B92FB788D8AE@gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7130A13E3A2@USMBX1.msg.corp.akamai.com> <536A8804.8000207@akr.io> <CAK3OfOgVAg8MLSmRVLe-6vVVzX361xYo4uma3-GQQmn=qoWWbQ@mail.gmail.com> <CACsn0ckrnbQbz-KCEY6u-WU7ULPTQv46g3noz44jMjW5HmFU0g@mail.gmail.com> <CAK3OfOiSKkeknHMwS-a90rR4hF9J9HaNn_XL_b75Mrx3o_wVMQ@mail.gmail.com> <CACsn0cksBt3Mj587cG-U5O5=Kc2p5T1NCP_-LrMRBv1V2hR2wQ@mail.gmail.com> <CAK3OfOibPMSriPsgO286PEZ=N+sdnuDpPyJ_xDr9KdATA_QjLQ@mail.gmail.com> <CACsn0cmB3TQVzsCthYCuY1q-z10wPbmat32Ys9ABT361fYNZLQ@mail.gmail.com> <CAK3OfOgan_JvsuwGNgpzk4tUfoo+JhxbNaHkbZCtAs7DHufr-w@mail.gmail.com> <CACsn0cmeq66S8LS38FmooWpOf534Gda5t09Ro1F3anLb-fJMMQ@mail.gmail.com> <20140508001532.GG27883@mournblade.imrryr.org> <CACsn0ck4mq3LnUwmBwBTgtuA+tHW9_FLHi1zdkz-ApkmtZs7eg@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7130A13E47E@USMBX1.msg.corp.akamai.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6IvkI2W2vMy0JDCZBvcKwkmYk3Q
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 May 2014 06:41:10 -0000

On May 8, 2014, at 4:06 AM, Salz, Rich <rsalz@akamai.com> wrote:

>>> The solution to avoid accidental use of NULL ciphers is in the client 
>>> API, no client HELLO should ever include a mixture of NULL and 
>>> non-NULL ciphers-suites.
> 
>> Why not make that a MUST in the RFC, and the same for anonymous DH?
>> I think this solves most of the configuration issues without making any uses impossible.
> 
> I think this is worth serious consideration.

I agree that it’s worth consideration, but we have to be clear on what we’re making a MUST here.

We can mandate that clients don’t mix NULL and non-NULL ciphersuites in the ClientHello. In that case, if some client does send a mixture of NULL and non-NULL, we can point to the implementers and say “your client is not compliant with the RFC”. And they could reply that it’s possible to configure their client to comply. I don’t know how much that helps security, but it seems like a strange way to force something that is basically a  UI/API issue. BTW: does 40-bit export level DES go with the NULL or the non-NULL? Don’t answer that. That’s just me being facetious.

The other thing we could mandate is that servers validate the ClientHello, to make sure that it doesn’t contain ciphersuites of both kinds. That would actually help, because it would drive misconfigured clients off the Internet rather than into potentially insecure modes, but that’s one reason server makers would resist having this change.

Regarding ADH I’m not sure. It makes sense that clients that don’t require server identity should not be blocked just because the server insists on authenticating itself. OTOH you could make the same argument for clients that don’t require confidentiality. So I don’t know where I stand on this.

Yoav

v2.23.0 | Report a Bug | By Email