Re: [TLS] The risk of misconfiguration

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 06 May 2014 22:48 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37ED11A0660 for <tls@ietfa.amsl.com>; Tue, 6 May 2014 15:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R038ZiFgZa3I for <tls@ietfa.amsl.com>; Tue, 6 May 2014 15:48:51 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0239.outbound.protection.outlook.com [207.46.163.239]) by ietfa.amsl.com (Postfix) with ESMTP id 9A8C31A0650 for <tls@ietf.org>; Tue, 6 May 2014 15:48:51 -0700 (PDT)
Received: from BL2PR03MB419.namprd03.prod.outlook.com (10.141.92.18) by BL2PR03MB418.namprd03.prod.outlook.com (10.141.92.13) with Microsoft SMTP Server (TLS) id 15.0.934.12; Tue, 6 May 2014 22:48:47 +0000
Received: from BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) by BL2PR03MB419.namprd03.prod.outlook.com ([10.141.92.18]) with mapi id 15.00.0939.000; Tue, 6 May 2014 22:48:46 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Alyssa Rowan <akr@akr.io>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] The risk of misconfiguration
Thread-Index: AQHPaVw1+uUO+uu4GEGictF7fUtCx5sz5lUAgAA88mA=
Date: Tue, 6 May 2014 22:48:46 +0000
Message-ID: <8b505f49d3f846ddac8b26964e330622@BL2PR03MB419.namprd03.prod.outlook.com>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <53692FC2.1060009@akr.io>
In-Reply-To: <53692FC2.1060009@akr.io>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e0:ee43::3]
x-forefront-prvs: 0203C93D51
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(428001)(24454002)(189002)(199002)(479174003)(377454003)(13464003)(15975445006)(33646001)(92566001)(74662001)(31966008)(77096999)(74502001)(50986999)(99396002)(99286001)(19580395003)(19580405001)(85852003)(575784001)(83322001)(83072002)(86362001)(81542001)(54356999)(76576001)(81342001)(76482001)(79102001)(77982001)(101416001)(20776003)(64706001)(4396001)(76176999)(21056001)(2656002)(74316001)(46102001)(86612001)(80022001)(87936001)(3826001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL2PR03MB418; H:BL2PR03MB419.namprd03.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/GSwuTDPrSfgF5zaf8JobOeZzt1Y
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 22:48:54 -0000

Here are a couple scenarios I'm aware of that require NULL ciphers:
1. Protocols that implement their own encryption, but run within TLS channels (to get through middle boxes). Double encryption is wasteful, therefore NULL ciphers can be negotiated in this case.
2. Various cases where confidentiality is not required, or is not achievable by means of encryption (e.g. constrained devices sending out periodic pings).

However, it seems reasonable to disable NULL ciphers in the default configuration.

I have nothing to say in support of the EXPORT ciphers:)

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Alyssa Rowan
Sent: Tuesday, May 6, 2014 11:54 AM
To: tls@ietf.org
Subject: Re: [TLS] The risk of misconfiguration

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/05/2014 19:48, Watson Ladd wrote:

> I think the number of people who accidentally enabled ADH is an order 
> of magnitude more than those who actually wanted it.

+1. I never saw anyone enable ADH, NULL or EXPORT cipher suites
actually on purpose. I have definitely seen people do it by accident.

The mere presence of NULL ciphersuites is dangerous: someone might actually use them, and that's basically never a good idea.

Take them out; keep them out; don't put them back in.

- --
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTaS/CAAoJEOyEjtkWi2t6q34P/j5QX4BBRJLusLx3cevVdxmM
JXHnhPDY+ovbHSs1XkASJAS4x/k40IN2maj+8E47Me/ZsTriJd8659vq9jxQeTT4
f04TBYGphcBQupZg136CVcsA1WSFiWo1UfXffW8oRAQfU2CpVdeKb/0IFLgQ64sa
G37UAxFtKTnFVtrec1Q5tdwfSdc6nEP2zbzpaAVB96vqJuel/bNtOFQM44CriPQ3
LbtIX3MMh0qfBAxwmTwe9+YahzGuCxIAStHwJl4JD3ReTJHlo/lxlDNIVt46nkzv
HYB3moJ1tDlzpFn0xWNQHrKcN5GtotktsV12Uyq91DvAd6U/CHQD13h9cO5OmCDT
Sb+S+0OmHeXah6A0zBe7DSJS+yf4pqjQazFaQyP6z0SLdh4krhvKP2hGiuDvTMyf
b2WVOmd1ThitIqoFYfS8VhpbEOFrUDl4y6LYAEJgqCET20BK5Qal0doENrsTE260
57oFR7wygJpc4Y5yGZ4sWfOqRuowbJm7ZSdYguMv2VuS84M3BdhFHaitYyrEbZRR
9r6uuZR7d+VIR9nhLYXTFK9I4B2DDr6joLaVTzDB4W2tf6xHL2RsIRXnwCj3UdAQ
XOHKtnQ+RCsHCUUetKsOx8Arc7IQb5R4f/qPF3bvhWWc4Q7dJevXcViz7eWaJ9MZ
BK5q7JpBLXskyfIpToPR
=DOKC
-----END PGP SIGNATURE-----

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls