Re: [TLS] Fingerprinting weaknesses (was: The risk of misconfiguration)

Watson Ladd <watsonbladd@gmail.com> Wed, 07 May 2014 23:12 UTC

From: Watson Ladd <watsonbladd@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/BCh4OU1FDQXzLf4TjSvicOWTdRk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fingerprinting weaknesses (was: The risk of misconfiguration)

On Wed, May 7, 2014 at 3:07 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Wed, May 7, 2014 at 2:04 PM, Alyssa Rowan <akr@akr.io> wrote:
>> On 07/05/2014 19:47, Viktor Dukhovni wrote:
>>
>>> This is not a compelling reason to remove protocol capabilities.
>>
>> I think that they are insecure _is_ a compelling reason: we seem
>> simply to disagree on that point.
>
> I disagree with your characterization.
>
>> More interestingly:
>>
>>> Cipher-suite signalling is just one of many ways that Mallory can
>>> determine which clients she can attack undetected.
>
> No.  Mallory can only see that anon ciphersuites were offered.
> Mallory cannot conclude from this that anon ciphersuites will be
> accepted (the peer might disconnect if an anon ciphersuite is
> negotiated) nor can Mallory conclude that channel binding (or renego)
> won't be used in that session.  It's always a risk for Mallory to
> attempt an MITM attack.

So they do the MITM, see that SASL is being used, the connection
breaks, and then what?

Or they do the MITM, the peer disconnects because they didn't really
mean it anyway, and then what?

Sincerely,
Watson Ladd

>
> Nico
> --



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin