IETF Logo Mail Archive

Re: [TLS] New version of Multiple OCSP mode of Certificate Status

Marsh Ray <marsh@extendedsubset.com> Wed, 04 August 2010 18:30 UTC

Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01CC53A68DB; Wed, 4 Aug 2010 11:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.941
X-Spam-Level:
X-Spam-Status: No, score=-1.941 tagged_above=-999 required=5 tests=[AWL=0.658, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nEhpuc61JaTd; Wed, 4 Aug 2010 11:30:23 -0700 (PDT)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id DFF3B3A691B; Wed, 4 Aug 2010 11:30:22 -0700 (PDT)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1Ogijs-000GLa-9V; Wed, 04 Aug 2010 18:30:52 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 06EDE6084; Wed, 4 Aug 2010 18:30:51 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/eWaLq3ctLwTMNu0nG6eAy8cMdeTIN0k4=
Message-ID: <4C59B1DB.9010306@extendedsubset.com>
Date: Wed, 04 Aug 2010 13:30:51 -0500
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6
MIME-Version: 1.0
To: Adam Langley <agl@imperialviolet.org>
References: <op.vgw4c5afvqd7e2@killashandra.oslo.osa> <201008041747.o74HlmWa004600@fs4113.wdf.sap.corp> <AANLkTik-p__N7mCE2ARwV=C3GD99ahOjZEYFR84zUTiG@mail.gmail.com>
In-Reply-To: <AANLkTik-p__N7mCE2ARwV=C3GD99ahOjZEYFR84zUTiG@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: pkix@ietf.org, tls@ietf.org
Subject: Re: [TLS] New version of Multiple OCSP mode of Certificate Status
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2010 18:30:25 -0000

On 08/04/2010 01:01 PM, Adam Langley wrote:
> On Wed, Aug 4, 2010 at 1:47 PM, Martin Rex<mrex@sap.com>  wrote:
>> Using any information in certificates that have not been verified to
>> perform resource-intensive operations is a security problem.  But
>> accessing an arbitrary URL presented in an completely unverified
>> End-Entity certificate is a "Freddy Krueger" waiting for his next victim.
>
> That seems a little hyperbolic. Accessing completely unverified URLs
> is something that browsers do for every single web page.

So if someone sent you a list of every known attack site you'd see no 
problem with visiting them all?

What if the attacker got to choose just one for you to visit?

Just got back from Defcon, the "top tweet" was "I strongly recommend 
against hitting jailbreakme.com from the #defcon wifi. Modifying that 
payload for malicious pwnage is not hard."
https://twitter.com/esizkur/status/20089522350

This is where the "in theory/practice there is/is not a difference 
between practice/theory" gets real. Probably the best approximation of 
the truth is somewhere in between.

Retrieving a cert via HTTP as part of the validation process is surely 
not as risky as running a web page with all types of active content and 
3rd party plugins, and if there's an exploitable bug in those lower HTTP 
or X509 layers, you're probably already owned.

But this isn't the kind of risk that's statistical, like earthquakes or 
meteors. The attacker gets to choose nearly all of the inputs to the 
transaction. He can thus select the tiniest, most vulnerable, part of 
the possible parameter space and only needs to be right once.

So is seems to me the best design principle is to avoid unnecessary 
interactions with unverified servers and handling unverified data as 
much as practical. When it's done, it should be with at least some 
justification and an acknowledgement it's a risk/benefit tradeoff.

- Marsh

v2.23.0 | Report a Bug | By Email