Re: [TLS] Broken browser behaviour with SCADA TLS

Peter Gutmann, Tue, 10 July 2018 00:33 UTC


Hubert Kario writes:

>There Is No Such Thing As A Trusted Network

I didn't say "trusted network", I said "isolated, private network".  The type
where, if an attacker has got to the point where they have physical access to
the area where the network is, they can do far more damage via any kind of
non-network attack than they could by hauling in computing equipment and
sitting there for hours or days trying to attack the crypto on a particular

In addition, the security doesn't have to be theoretically perfect, just good
enough.  An isolated network is frequently deemed secure enough, taking into
account the resources being protected, cost to an attacker, likelihood of an
attack via that channel, etc.  It's typically much easier to control access to
a network than to secure every single endpoint on that network, particularly
when half of them are a zoo of ethernet-to-something-else converters (if you
want to see a mess of interesting TLS, look at industrial
RS422/485/Profibus/Modbus/Fieldbus/etc to ethernet converters and TCP
gateways, some of those are examples I've used - anonymously - in previous

The best example of this, which I've mentioned in the past because it's nicely
illustrative, was a ventilator control that used a 512-bit key for its TLS
(16-bit device, and it took about 30s for the connection to be established,
the key size was chosen because it was all the hardware could handle).

This was perfectly adequate, to get access to it you'd need to break into the
facility, get to a network port, grab the key from the device, break out
again, go away and factor it, break in again, get to the network port, fire up
your attack device, and then... you could switch a ventilator on or off.

You could also do that by walking down the corridor and flipping a switch.

In either case, you've now turned a ventilator in an occasionally-used stock
room on or off.  Even the 512-bit key was overkill.