IETF Logo Mail Archive

Re: [TLS] Heartbleed / protocol complexity

Geoffrey Keating <geoffk@geoffk.org> Wed, 09 April 2014 22:43 UTC

Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69FA71A02D8 for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 15:43:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.398
X-Spam-Level: ***
X-Spam-Status: No, score=3.398 tagged_above=-999 required=5 tests=[BAYES_50=0.8, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GfBzerJ68UBy for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 15:43:11 -0700 (PDT)
Received: from dragaera.releasedominatrix.com (dragaera.releasedominatrix.com [216.129.105.14]) by ietfa.amsl.com (Postfix) with ESMTP id B3A4E1A03F9 for <tls@ietf.org>; Wed, 9 Apr 2014 15:43:04 -0700 (PDT)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 1C75633D076; Wed, 9 Apr 2014 22:43:04 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: Hanno Böck <hanno@hboeck.de>
References: <20140409232505.0d6e02b8@hboeck.de>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Wed, 09 Apr 2014 15:43:03 -0700
In-Reply-To: <20140409232505.0d6e02b8@hboeck.de>
Message-ID: <m2k3ayxgy0.fsf@localhost.localdomain>
Lines: 29
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SLuqgmzr88DORIJ1LsaWfM9ZAOk
Cc: tls@ietf.org
Subject: Re: [TLS] Heartbleed / protocol complexity
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Apr 2014 22:43:15 -0000

Hanno Böck <hanno@hboeck.de> writes:

> Hi,
> 
> It's kinda surprising that nobody yet started a thread on the biggest
> issue in TLS these days on the TLS WG list. So I make a start.
> 
> First thought might be "no protocol issue, software bug, not an issue
> for the TLS standardization process". But I think there is an issue at
> hand here: We have a severe bug in a rarely used TLS extension.
> 
> And: This is the second time in just a few days a TLS extension gives
> headache. We just had the Dual EC paper exposing possible security
> issues with the Extended Random extension (which luckily never came to
> life).

I can add a few more examples: compression and client-initiated
renegotiation are two things that were optional to implement, and
that some implementations didn't implement and were saved security
vulnerabilities by not doing so.

I seem to remember that there have also been bugs with NULL or
'export' cipher suites being unexpectedly enabled.

I think perhaps the lesson to learn from this is that implementations
should probably not aim to be 'complete' or 'full-featured' TLS
implementations, but rather only implement what is needed for their
target audience; and if they do implement features that only some users
will need, disable them by default.

v2.23.0 | Report a Bug | By Email