IETF Logo Mail Archive

Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Chris Newman <chris.newman@oracle.com> Thu, 10 February 2011 02:12 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A8DBD3A682D; Wed, 9 Feb 2011 18:12:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.05
X-Spam-Level:
X-Spam-Status: No, score=-104.05 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, J_CHICKENPOX_34=0.6, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVW+bn-t9ZdI; Wed, 9 Feb 2011 18:12:14 -0800 (PST)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by core3.amsl.com (Postfix) with ESMTP id 5756C3A6826; Wed, 9 Feb 2011 18:12:14 -0800 (PST)
Received: from dm-sfbay-01.sfbay.sun.com ([129.145.155.118]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id p1A2CNED010121; Thu, 10 Feb 2011 02:12:24 GMT
Received: from gotmail.us.oracle.com (gotmail.us.oracle.com [10.133.152.174]) by dm-sfbay-01.sfbay.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.4) with ESMTP id p1A2CNAY002395; Wed, 9 Feb 2011 18:12:23 -0800 (PST)
MIME-version: 1.0
Content-disposition: inline
Content-type: text/plain; charset="utf-8"; format="flowed"
Received: from [10.145.239.205] (nifty-silver.us.oracle.com [10.145.239.205]) by gotmail.sfbay.sun.com (Oracle Communications Messaging Exchange Server 7u5-2.03 64bit (built Feb 6 2011)) with ESMTPSA id <0LGD00C4NQ4JD700@gotmail.sfbay.sun.com>; Wed, 09 Feb 2011 18:12:22 -0800 (PST)
Date: Wed, 09 Feb 2011 18:12:18 -0800
From: Chris Newman <chris.newman@oracle.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, tls@ietf.org
Message-id: <D8B3FDB7A62612A570324BEB@nifty-silver.us.oracle.com>
In-reply-to: <4CD76B1B.5030308@ericsson.com>
References: <4CD76B1B.5030308@ericsson.com>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
Content-transfer-encoding: quoted-printable
Cc: tsvwg <tsvwg@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Feb 2011 02:12:15 -0000

I know I'm very late on this topic, but my position differs from others so 
I'll comment.

I can not deny that separate-port for SSL is simpler to implement on the 
server side (having done both). Since the odds of security bugs increases 
with the amount of code, I must conclude that separate-port SSL is more 
secure for _implementers_ and _implementations_ for that reason alone.

However, I believe STARTTLS is more secure for _operators_ and 
_administrators_. The separate port model creates an illusion that there is 
a "secure" and "insecure" variant of the protocol and that a single 
firewall setting magically makes the application secure. In general, this 
is not true. Most servers have several security settings and the default 
settings have to compromise between common practice, secure-by-default 
practice, deployability, management complexity and usability. There is, in 
general, no way to make a server installation secure for a given site other 
than to understand the security settings that server provides and set them 
properly.

A protocol that uses STARTTLS thus has the advantage of forcing the 
administrator/operator to look at the server's security settings to make 
the installation secure, thus increasing the odds of success relative to 
the separate-port model where an administrator might falsely assume they're 
done after blocking the non-SSL port.

While I think the judgment call is close for separate-port-SSL-vs-STARTTLS, 
I prefer STARTTLS weighing all the factors.

And for the record I'm responsible for TLS integration into a server 
product and maintain all the relevant code and find STARTTLS maintenance 
annoying. I'm also author of RFC 2595, so perhaps that balances out my bias 
as an implementer. ;-)

It's also my opinion that a high quality client should use a "latched" 
model by default. If the client ever sees "STARTTLS" advertised and 
negotiates it successfully, the client records the fact in a local 
operations file that it used STARTTLS with server X. Subsequent to that it 
will require STARTTLS with server X and not back off. I will note that 
implementation strategy is simpler with the STARTTLS model than with the 
separate port model.

As an aside, there is no interoperable specification for use of TLS client 
certificate authentication with the "pops" protocol (does it start in 
not-authenticated state and require an AUTH EXTERNAL, or does it start in 
authenticated state -- no way to distinguish the two cases). However, use 
of TLS client certificate authentication with POP+STLS according to written 
rules in RFC 2595 does interoperate.

		- Chris

--On November 8, 2010 11:14:35 +0800 Magnus Westerlund 
<magnus.westerlund@ericsson.com> wrote:

> TLS experts,
>
> There currently a WG last call ongoing in on the IANA Procedures for the
> Management of the Service Name and Transport Protocol Port Number
> Registry update document.
> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-iana-ports/
>
> A WG last call comment on this document was raised by Paul Hoffman:
> http://www.ietf.org/mail-archive/web/tsvwg/current/msg10305.html
>
> My summary of that comment is that STARTTLS for SMTP (RFC 3207) has
> shown to have some security issues, be complexer to implement than using
> two ports and thus less popular. Thus the registration rules should be
> less restrictive in assigning an additional port for TLS version of
> services/applications/protocols.
>
> The downside of less restrictive port allocation rules is that the port
> space will be consumed at a higher rate. Thus there is need to determine
> what is the most suitable trade-off here.
>
> Clearly if the security issues are serious when one multiplex TLS and
> non-secured version of the protocol on the same port we must allow such
> port allocations. However if the issues are minor and the primarily
> issue is implementation complexity then saving the limited port space is
> probably more important.
>
> Your input into these questions would be very appreciated.
>
> Thanks
>
> Magnus Westerlund
>
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email