IETF Logo Mail Archive

Re: [TLS] The risk of misconfiguration

Viktor Dukhovni <viktor1dane@dukhovni.org> Wed, 07 May 2014 02:00 UTC

Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BDF51A02E3 for <tls@ietfa.amsl.com>; Tue, 6 May 2014 19:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QaA1oN7Gyg-w for <tls@ietfa.amsl.com>; Tue, 6 May 2014 19:00:29 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 3D4311A02F2 for <tls@ietf.org>; Tue, 6 May 2014 19:00:29 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id EDE612AA9FF; Wed, 7 May 2014 02:00:23 +0000 (UTC)
Date: Wed, 07 May 2014 02:00:23 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20140507020023.GI27883@mournblade.imrryr.org>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <53692FC2.1060009@akr.io> <20140506221344.GB27883@mournblade.imrryr.org> <536977E3.3000608@akr.io> <20140507002452.GH27883@mournblade.imrryr.org> <CACsn0ck5UtC9T1ktgAiWimWAxBPNoANfOEB8MOF9CfQLCMgSHw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0ck5UtC9T1ktgAiWimWAxBPNoANfOEB8MOF9CfQLCMgSHw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KDnR75SH5j7fb060UIEHtbnVDXs
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 02:00:33 -0000

On Tue, May 06, 2014 at 06:08:52PM -0700, Watson Ladd wrote:

> > We must not confuse implementation user-interface issues with
> > protocol issues.  The protocol supports many different use-cases.
> > Interfaces for cipher selection in implementations are not protocol
> > issues.  The OpenSSL cipherlist interface is beginning to get some
> > attention.  That issue belongs on openssl-dev@openssl.org, not
> > tls@ietf.org.
> 
> Agreed, but it's an example of the hazard that insecure modes present.

> No matter how the choice is presented to end-users or application
> developers, so long as it is possible to misconfigure TLS, it will be
> misconfigured.

In Postfix the user chooses a "cipher-grade" that sets the floor
on the set of enabled cipher-suites.  The levels are monotone.
This is a simple interface that is rather difficult to mess up.

The underlying definitions of these grades is also configurable,
but I strongly discourage users from attempting to touch these
without expert advice.

This has worked well for nearly a decade with no evidence of
significant user confusion or misguided misconfiguration.

User interfaces need to make the simple things easy and the
complicated things possible.

> You can blame the end user or the programmer or the
> library writer all you want, but unless a library is willing to forgo
> supporting null ciphers, they will be used inadvertently. Why include
> something that should virtually never be used, when using it has bad
> consequences?

The above is just a rhetorical rant.  Risk cannot be banned out of
existence, but systems can be designed with greater safety in mind.

> We've recognized the need for guidance on how to use TLS, hence
> formation of UTA.  We're punting on implementation, although I recently
> got an email about the C standards body wanting to standardize APIs
> for networks, which, if they included TLS with a sane API would be
> wonderful. But the complexity that OpenSSL reveals is real: there is
> no way to support all possible combinations of ciphersuites without
> something this nasty to pick between them.

The above is plainly false.  Good systems offer many layers of
controls, some for naive users some for experts.  They have high
and low level APIs, with the latter offering more fine-grained
control when needed.  OpenSSL should be improved not neutered.

Software that only dumbs everything down is not progress, we need
software that is both usable and flexible.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email