Re: [TLS] Security concerns around co-locating TLS and non-secure
Marsh Ray <marsh@extendedsubset.com> Tue, 09 November 2010 22:21 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F7473A68B2; Tue, 9 Nov 2010 14:21:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.69
X-Spam-Level:
X-Spam-Status: No, score=-2.69 tagged_above=-999 required=5 tests=[AWL=-0.091, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EfnlxAjm76Hr; Tue, 9 Nov 2010 14:21:02 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 5EDE03A6A08; Tue, 9 Nov 2010 14:21:00 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1PFwZB-0005Yf-9J; Tue, 09 Nov 2010 22:21:25 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id F3E2E6019; Tue, 9 Nov 2010 22:21:22 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX19nsyo9ZH1uZTE5Pf6vG3GViGaqU/cH0Xw=
Message-ID: <4CD9C963.1030700@extendedsubset.com>
Date: Tue, 09 Nov 2010 16:21:23 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10
MIME-Version: 1.0
To: mrex@sap.com
References: <201011092131.oA9LVj4U000789@fs4113.wdf.sap.corp>
In-Reply-To: <201011092131.oA9LVj4U000789@fs4113.wdf.sap.corp>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: paul.hoffman@vpnc.org, tls@ietf.org, tsvwg@ietf.org
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 22:21:04 -0000
On 11/09/2010 03:31 PM, Martin Rex wrote: > Marsh Ray wrote: >> >> Does it have implications for session resumption I wonder? > > I really do not think so. For a sensible implementation of > client-side TLS session caching, it is always necessary to > know the original target hostname&protocol/port, and not the > naked target IP address& port on the connected socket. > >> Not so much for the protocol itself, but for what you get with the >> straightforward use of a normal TLS library. > > I don't know what you mean by "normal TLS library". In the abstraction > that I provide to our application callers, I do not offer a connect > capability Yeah, that's not normal. :-) > -- it is the task of the application to provide a fully > connected socket that is ready for starting the SSL/TLS handshake. ... > Letting a TLS library do network reads and writes directly is a > completely seperate issue from how is a communication channel > established (and closed) and how to get to the exact point in > the communication where the TLS handshake can be started. In theory. In practice, most app developers seem to use an HTTP/HTTPS client library. Client apps making plain TLS connections seem to fall in to two classes: 1. Those that pass a hostname and port into the library and have the library handle DNS lookup and sockets. 2. Those that are vulnerable because nobody checks the CN on the cert. At this point, everybody in this group thinks to themselves: "well I've written a client or three that does it correctly". You are the exceptions to the rule. We would not let any of our friends make that mistake either, so we also end up not knowing anyone who writes class 2 apps. But look around online. There are far more SSL client apps than there are apps which parse names out of x509 certificates. For example searching for "openssl connect" vs "openssl x509": http://www.google.com/codesearch?hl=en&lr=&q=openssl+connect&sbtn=Search Results 1 - 10 of about 99,800 http://www.google.com/codesearch?hl=en&lr=&q=%22openssl%2Fx509%22&sbtn=Search Results 1 - 10 of 6,970. There are probably more accurate ways to search that, but they all indicated that calling SSL/TLS functions was significantly more popular than parsing x509. It's not their fault. Read the OpenSSL docs, there's hardly any explanation about the need to check x509 fields in the server's cert and your client still runs fine if you don't do it. > Since the application will usually implement/provide things like > HTTP proxy-traversal (with optional proxy password) Most apps use HTTPS libraries for that, or don't implement it at all. > Since a lot of applications includes support for non-TLS protocols, > it is much easier to have the application perform all select()/poll() > operations, including connect() and listen(), and in particular > when doing the latter asynchronously. This also facilitates > consistent error handling&visualizations for network errors. Right, these are the "class 2" apps. More often than not, they don't properly check the name on the server's cert. Don't even ask about cert revocation handling and such. Higher level APIs like to present SSL sockets and connection methods with the same interface as the plain sockets. This might work OK as long as the API sees the host and port names. Once the app grows a little in complexity, say by doing its own DNS resolution, then it may silently become vulnerable. This might make another argument against starttls, albeit a weak one. A raw TLS client app written by an non-TLS-expert developer that does everything perfectly is a rare bird indeed. - Marsh
- [TLS] Security concerns around co-locating TLS an… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Paul Hoffman
- Re: [TLS] Security concerns around co-locating TL… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Geoffrey Keating
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Steingruebl, Andy
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Nelson B Bolyard
- Re: [TLS] Security concerns around co-locating TL… Peter Saint-Andre
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nikos Mavrogiannopoulos
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Chris Newman
- Re: [TLS] Security concerns around co-locating TL… Nico Williams
- Re: [TLS] Security concerns around co-locating TL… Matt DeMoss
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Joe Touch