Re: [TLS] TLS, PKI,
Kyle Hamilton <aerowolf@gmail.com> Fri, 16 July 2010 01:52 UTC
Return-Path: <aerowolf@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F82D3A67EE for <tls@core3.amsl.com>; Thu, 15 Jul 2010 18:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.74
X-Spam-Level:
X-Spam-Status: No, score=-0.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8IbrmjM35Vy for <tls@core3.amsl.com>; Thu, 15 Jul 2010 18:52:22 -0700 (PDT)
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) by core3.amsl.com (Postfix) with ESMTP id D44453A63D3 for <tls@ietf.org>; Thu, 15 Jul 2010 18:52:22 -0700 (PDT)
Received: by pvd12 with SMTP id 12so780989pvd.31 for <tls@ietf.org>; Thu, 15 Jul 2010 18:52:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type; bh=BBhMJQZG5Dg6uhG77CmTw6E2I4LpfD4NikrGHCpoR2c=; b=i9qh7dahoq9aQV3/VCagfkVkFdCFqpT/kgOFbCOiyqlx1H4V/426RWgXgkW3lXB50F ZewVL4Y7ctCWGLn0AtEwllPy9juA9TsUTqYXklIJBK/tTRlmLmb9UsQG/50VpYF+ix3+ 6p7mvGUoekMPjS9GIrNxiqUKF14/1qguINy2I=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; b=SqVh3N/kMKH9bkBosRbE+ptWVDKFbEj8sJxN44TS5tyS9WwJ4NsGlPMVNyUHgWBRk7 hg8fMNd99FnvzWn+pk8h2n+mytIt5UdFD3ddUIu9P3U8TAJ2OxbpvB2MNUABaxE9+hGw wpfW3hNcCQzd6i0z5kijupi82Hy8w4Liw7Tvk=
Received: by 10.114.112.18 with SMTP id k18mr464246wac.133.1279245150993; Thu, 15 Jul 2010 18:52:30 -0700 (PDT)
Received: from [192.168.1.165] (c-76-103-146-6.hsd1.ca.comcast.net [76.103.146.6]) by mx.google.com with ESMTPS id s5sm13523033wak.12.2010.07.15.18.52.29 (version=SSLv3 cipher=RC4-MD5); Thu, 15 Jul 2010 18:52:30 -0700 (PDT)
Message-ID: <4C3FBB5C.2020401@gmail.com>
Date: Thu, 15 Jul 2010 18:52:28 -0700
From: Kyle Hamilton <aerowolf@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.4) Gecko/20100608 Lightning/1.0b2 Thunderbird/3.1 ThunderBrowse/3.3
MIME-Version: 1.0
To: tls@ietf.org
References: <201007140006.o6E06JUx017259@fs4113.wdf.sap.corp> <4C3D15C5.1090307@REDHAT.COM>
In-Reply-To: <4C3D15C5.1090307@REDHAT.COM>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms080805050309050702050207"
Subject: Re: [TLS] TLS, PKI,
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 01:52:24 -0000
On 7/13/10 6:41 PM, Robert Relyea wrote: > On 07/13/2010 05:06 PM, Martin Rex wrote: >> Robert Relyea wrote: >> >>> It seems these are complaining about yesterday's UI. Most browsers no >>> longer use pop-up menus. You have to be quite aggressive to get through >>> the current screens. >>> >>> The real problem, of course, is those sites that don't have valid certs. >>> Continuing to ratched down the ability to get to those sites is good for >>> the internet as a whole. Sites with invalid certs are just as dangerous >>> for the internet as MITM sites. >>> >> If SSHv1 would have required CA-signed X.509 certs in its initial >> shipment, it would have taken MUCH longer to become popular, if at all. >> > Compared to SSL, SSH is still not popular, which sort of negates your point. > > SSL is designed to allow you to make secure connections for the masses. >> -Martin >> Note that I'm writing this as a reply to Martin, but not directly *to* Martin. This is a major issue that I'm seeing, going through the archives. TLS has several modes which are unsupported by the members of this list: 1) A supported (by the standard) mode of "unauthenticated TLS" (neither the server nor the client offer or demand certificates). 2) Mutual Authentication -- it's supported by this group in the protocol, *except* that very few clients who actually have certificates typically don't have the marketing acumen to show just why they might be useful. 3) The classic "server authenticates, client doesn't" issue -- which relates to the massive "secure renegotiation" effort which could have been avoided had the TLS group coordinated with the PKIX group to figure out how to increase the use of initial-mutual-authentication -- and which would, at the least, require the PKIX group to realize that the adoption rate for publicly-useful (i.e., issued by publicly-recognized CAs) identity certificates is so low that their specification for them just happens to be useless for the Internet PKI, instead being useful only for the Corporate PKI. 4) There is a mode which is starkly, abjectly forbidden by the TLS specification (if the 'server' does not authenticate to the 'client', then any request by the 'server' for the 'client's certificate is closed with an unexpected_message alert.) I find it telling that the last time I brought this issue up, someone had the gall to suggest "well, in your application, just tell the connecting process that it's the server." I shouldn't have to, and the fact that a programmer must initiate a workaround means that it's a bug in the protocol. (Among other things, Nelson Bolyard said, when I mentioned implementing it, "That wouldn't be TLS, that'd be "Kyle Hamilton's TLS-like protocol".) You can place the blame for the failures of PKIX on the PKIX Working Group -- but you can't shift the blame for fact that you're forcing implementors to essentially create "the TLS-based protocol that has the property that the connector sends its certificate first" if they want to have their software use the same semantics that ipsec has had since its inception. Robert, you're right -- today's browsers no longer raise pop-up windows. Instead, they take you to a scary page that gives options to either "get me out of here" or "pop up the scarier window". This is a step *backwards* in usability. From my NPOV over the last 5 years that I have archives I can reach only a trio of conclusions: TLS WG has failed. PKIX WG has failed. IPsec WG has failed. And the reason for the failures has nothing to do with the quality of the work put out -- TLS WG, in particular, has done amazing things with what it's been given -- but because a system cannot be put together without a holistic, full-system integration of security, according to the policies which must be implemented (and which are *NOT* the purview of the protocol working group to pretend to know about ahead of time). These three WGs have failed to work together, and have failed to come up with a useful, usable, and interoperable infrastructure that grants maximum choice to the actual end-administration implementor. (Preferably with preconfigured "best practices" options, for different environments.) There's few, if any, "Best Practices" that have come out of any of these three groups -- all that have come out have been either Informational or Standards-Track RFCs. The last time I saw anything informational come out of the PKIX group, it was in order to put out a framework for guiding the creation and auditability of Certification Practice Statements and Certificate Policies -- which, by the way, doesn't provide ANY guidance to any sysadmin. I'll note, just for reference, and only because I did the count: X.509:08/2005 is 174 pages long, including 39 pages of text that is not characterized as being contained within any RFC ('non-normative annexes' and the roman-numeral pages at the beginning, a blank page, and the title page). That's 135 pages of actual normative content. RFC 5280, on the other hand, is 152 pages. This means... THE NORMATIVE INTERNET PROFILE FOR X.509 IS LARGER THAN NORMATIVE X.509 ITSELF. This is as close to 'insane' as I can find myself thinking about standards bodies (in this case, the PKIX WG). Please. Find a way to interact more with the other working groups that also use PKIX. Find a way to create a less-haphazard security infrastructure. Find a way to let either end "elect" to provide its certificate first, regardless of what role (listener/server or connector/client) it thinks it is. And find a way to let either end "elect" to request a certificate first. VNC paved the way for a new connection paradigm: let the server contact the client, and then the client acts as a client and the server acts as a server. This was typically useful for situations where there's no outbound firewall but there is an inbound firewall. So why can't we set something up like that? This would create something like the "push server" concept (remember 1995, how that was going to be the next big thing? It got supplanted by RSS, then ATOM), but we also have teredo IP NAT traversal nowadays so we can have peers behind firewalls talking with each other. (Granted, I'd rather teredo wasn't necessary, and I'd prefer that everyone move to IPv6. But still, we need to convince the US ISPs that IPv6 is actually necessary.) -Kyle H
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- [TLS] Eleven out of every ten SSL certs aren't va… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Adam Langley
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Joshua Davies
- Re: [TLS] Eleven out of every ten SSL certs aren'… Yoav Nir
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nikos Mavrogiannopoulos
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Daskaluk
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Jeffrey A. Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Frantz
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Florian Weimer
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steffen Schulz
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Seth David Schoen
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… =JeffH
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
- [TLS] TLS, PKI, and web security. Was: Eleven out… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Robert Relyea
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Bruno Harbulot
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Robert Relyea
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Yoav Nir
- Re: [TLS] TLS, PKI, Yoav Nir
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, Robert Relyea
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Steingruebl, Andy
- Re: [TLS] TLS, PKI, Kyle Hamilton
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Ralph Holz
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Yoav Nir
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Nasko Oskov
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Kyle Hamilton