Re: [TLS] Deployment ... Re: This working group has failed
Andy Lutomirski <luto@amacapital.net> Tue, 19 November 2013 19:35 UTC
Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E47B1AE159 for <tls@ietfa.amsl.com>; Tue, 19 Nov 2013 11:35:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FUZZY_CPILL=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHuKq7t9YRgv for <tls@ietfa.amsl.com>; Tue, 19 Nov 2013 11:35:40 -0800 (PST)
Received: from mail-pd0-f173.google.com (mail-pd0-f173.google.com [209.85.192.173]) by ietfa.amsl.com (Postfix) with ESMTP id 9F5A11AE1A0 for <tls@ietf.org>; Tue, 19 Nov 2013 11:35:40 -0800 (PST)
Received: by mail-pd0-f173.google.com with SMTP id p10so895439pdj.4 for <tls@ietf.org>; Tue, 19 Nov 2013 11:35:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=UgYXcWmh2HUtLn6IUZAvEgMPVMKe1WJ/+/ls0ewn3QM=; b=g8zukDpQ/RGIkIYT2DqP4ckF0BPsXySBBi0mATNVJ0UCKXT6rIMM9fsY6fI8yh+rLn cJD5Po9Vb8IedRxrKt8pn5AIrZ7kAXpvCuoFMxZE3vVZjvT1PBaE8ZK46Dt6NXVbws4D Usx/qRWWnszykfwyt12dQfH0Y18thaumDmbkNHG5IKTj/H4QXNW1+Z2cGNVuVVPNaA7n xgNmG0eC7jVdFnb7SmA27K4ljUSRSorhm4BYJRNZguTkA22nxGWsgyIDKVOKOj9r+gvt 6Scn9IxZAX3Y2oYzGjOHbv+5F26VOjZSCiil5Fyl8cPWZxM1zP59vCm7dvwJAwq+NnRN Yu1Q==
X-Gm-Message-State: ALoCoQkMaz6+gKOigZev2yBNvCEVPbC8fn6icbv+dYhK0wMrI6oUTW66sAtsxMlOajF9NFRWq6Fg
X-Received: by 10.66.129.169 with SMTP id nx9mr9617519pab.130.1384889734449; Tue, 19 Nov 2013 11:35:34 -0800 (PST)
Received: from amaluto.corp.amacapital.net (50-76-60-73-ip-static.hfc.comcastbusiness.net. [50.76.60.73]) by mx.google.com with ESMTPSA id er3sm32304928pbb.40.2013.11.19.11.35.33 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 19 Nov 2013 11:35:33 -0800 (PST)
Message-ID: <528BBD84.60700@amacapital.net>
Date: Tue, 19 Nov 2013 11:35:32 -0800
From: Andy Lutomirski <luto@amacapital.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Zooko Wilcox-OHearn <zooko@leastauthority.com>, tls@ietf.org
References: <CACsn0c=i2NX2CZ=Md2X+WM=RM8jAysaenz6oCxmoPt+LC5wvjA@mail.gmail.com> <52874576.9000708@gmx.net> <CAPMEXDbgp5+Gg6mkMWNrcOzmAbSpv3kjftGV0cjpqvMnRxpw=A@mail.gmail.com> <44D7624E-75D8-47D3-93BF-97427206E800@iki.fi> <CACsn0c=9GrO21ECZczB2zft3bVODcc=1ZRp3pG22c-rrDfTPXQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C711DAEEE373@USMBX1.msg.corp.akamai.com> <528AD194.9060003@amacapital.net> <528AD326.8080908@kirils.com> <CAM_a8Jy_x-qZFdpxsLMnFjuYeAJBwqNqQLrnsAcf05GU5PuJfw@mail.gmail.com>
In-Reply-To: <CAM_a8Jy_x-qZFdpxsLMnFjuYeAJBwqNqQLrnsAcf05GU5PuJfw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2013 19:35:42 -0000
On 11/19/2013 06:44 AM, Zooko Wilcox-OHearn wrote: > On Tue, Nov 19, 2013 at 2:55 AM, Kirils Solovjovs > <kirils.solovjovs@kirils.com> wrote: >> >>> The world needs a good, permissively licensed, >>> hard-or-impossible-to-misuse TLS API. GnuTLS is probably the closest >>> there is, and it has its set of issues, too. >> >> Fully seconded, Andy! >> >> Still.. what do you think should be done to alleviate this step by step? There may be some benefit to having a real specification of what an implementation should provide. On the other hand, getting this right may be impossible. >> >> Are you proposing to scrap openssl and start from scratch? > > There are many alternatives to openssl. Wikipedia has a table: > > https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations > > That list is not complete — for example it omits Botan: > > http://botan.randombit.net/tls.html > > Oh, you require a permissive licence? Judging from the "Overview" > table on that wikipedia page, that narrows it down to NSS or Botan for > you. I don't personally require it, but many people probably do. I think the real issue is that the world seems to have standardized on an awful implementation, and that said awful implementation probably gets the most careful review. I also doubt that this can be solved by policy. Perhaps, though, IETF could publish a small list of features that TLS implementation SHOULD offer. For example: - Support any legal combination of ciphers, key exchange mechanisms, etc. out of the box, without additional configuration, unless disabled by the user, for security reasons, or for IP reasons. For example, failure to support non-P-256 curves because no curve was selected or because P-256 was selected should violate this rule (hello, OpenSSL). - Support multiple clients in the same process linked against the same library without causing those clients to interfere with each other (hello, GnuTLS). - When in client mode, implementations MUST refuse to connect to a server unless an explicitly chosen set of trust roots (or other mechanism such as DANE) authenticates that server (hello, everything). - Standardize on an (abstract) representation of a certificate chain and standardize an API for doing PKIX verification. (There's lots of freedom here, but I guarantee that OpenSSL's approach is wrong.) There could also be an official (or semi-official) list, updated from time to time, of what a TLS implementation must do to be considered secure. For example, right now I'd want to check that the implementation I use does 1/n-1 record splitting, uses a true constant-time CBC MAC implementation, gets GCM right, etc., and I probably don't know the full list. Still, creating good software by fiat is hard. --Andy
- [TLS] This working group has failed Watson Ladd
- [TLS] Deployment ... Re: This working group has f… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Taylor Hornby
- Re: [TLS] This working group has failed SM
- Re: [TLS] This working group has failed Ralph Holz
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] Deployment ... Re: This working group h… Yoav Nir
- Re: [TLS] Deployment ... Re: This working group h… Hannes Tschofenig
- Re: [TLS] This working group has failed Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Mark Nottingham
- Re: [TLS] Deployment ... Re: This working group h… Kyle Hamilton
- Re: [TLS] Deployment ... Re: This working group h… Juho Vähä-Herttua
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Salz, Rich
- Re: [TLS] Deployment ... Re: This working group h… Andrei Popov
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Watson Ladd
- Re: [TLS] Deployment ... Re: This working group h… Geoffrey Keating
- Re: [TLS] Deployment ... Re: This working group h… Michael Staubermann
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Joshua Davies
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Kirils Solovjovs
- Re: [TLS] Deployment ... Re: This working group h… Andy Wilson
- Re: [TLS] Deployment ... Re: This working group h… Marsh Ray
- Re: [TLS] Deployment ... Re: This working group h… Ralf Skyper Kaiser
- Re: [TLS] Deployment ... Re: This working group h… Ben Laurie
- [TLS] TLS protocol version intolerance [Was: Re: … Ivan Ristić
- Re: [TLS] Deployment ... Re: This working group h… Zooko Wilcox-OHearn
- Re: [TLS] TLS protocol version intolerance [Was: … Michael Sweet
- Re: [TLS] TLS protocol version intolerance [Was: … Eric Rescorla
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- Re: [TLS] Deployment ... Re: This working group h… Andy Lutomirski
- Re: [TLS] Deployment ... Re: This working group h… Martin Rex
- [TLS] multiple clients in one process (was: Re: D… Patrick Pelletier
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski
- Re: [TLS] multiple clients in one process (was: R… Daniel Kahn Gillmor
- Re: [TLS] multiple clients in one process (was: R… Nico Williams
- Re: [TLS] multiple clients in one process (was: R… Nikos Mavrogiannopoulos
- Re: [TLS] multiple clients in one process (was: R… Andy Lutomirski