Re: [TLS] tickets or sesssions or both (oh my)

"Richard Fussenegger, BSc" <richard@fussenegger.info> Thu, 04 September 2014 11:28 UTC

To: Hubert Kario <hkario@redhat.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/D9l3GJQ2OrJzTPmBtYRuf89-rC8
Cc: tls@ietf.org

On 9/4/2014 12:57 PM, Hubert Kario wrote:
>
>     From: "Richard Fussenegger, BSc" <richard@fussenegger.info>
>     To: "Hubert Kario" <hkario@redhat.com>
>     Cc: tls@ietf.org
>     Sent: Wednesday, September 3, 2014 9:28:39 PM
>     Subject: Re: [TLS] tickets or sesssions or both (oh my)
>
>     On 9/3/2014 9:00 PM, Hubert Kario wrote:
>
>         I haven't analysed the attack in detail, but wouldn't a
>         straightforward implementation of tickets have the same issue?
>
>     Yes, both approaches have the same issue and it's something that
>     developers have to fix in general. Just like the failure to implement
>     rotation, but at least a tech-savvy admin can fix the rotation
>     problem (e.g. via a cron job that restarts the server, although
>     losing decryption capability for the last used key). Only the
>     developers are able to fix the virtual host confusion problem. I
>     may look into this as well, but I'm not a dedicated C developer
>     and this looks like a bigger problem.
>
>
>
> Actually, from what I read, current upstream Apache does save the
> ticket encryption key to disk, so it is persistent across restarts of
> service.
>
I was of course mainly referring to nginx. I have absolutely no
experience with Apache httpd in the last two years. I guess the Apache
devs wanted the ability to decrypt old tickets upon restart. Something
the nginx devs haven't given any thought as it seems. The complete nginx
ticket system is fully built upon the provided OpenSSL functionality.
Although a file-based ticket key system found its way to the mainline
version.

Richard