Re: [TLS] The risk of misconfiguration
Watson Ladd <watsonbladd@gmail.com> Wed, 07 May 2014 05:33 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C53AF1A065B for <tls@ietfa.amsl.com>; Tue, 6 May 2014 22:33:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_48=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMlnZ6NwZXXB for <tls@ietfa.amsl.com>; Tue, 6 May 2014 22:32:59 -0700 (PDT)
Received: from mail-yh0-x22f.google.com (mail-yh0-x22f.google.com [IPv6:2607:f8b0:4002:c01::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 32BD91A0656 for <tls@ietf.org>; Tue, 6 May 2014 22:32:59 -0700 (PDT)
Received: by mail-yh0-f47.google.com with SMTP id z6so66793yhz.20 for <tls@ietf.org>; Tue, 06 May 2014 22:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=rUVFAxHVRPso1o9lax7L9eiuUxGcpPV80HhKalaEb8M=; b=EXdeqSYeCSs6vIi+0m2s45FQXQzFhONbqZT+RBr5Vf3ZDK8bwGDmfB9xCJyNMXaXCl T6HJG2WFCpfzUpNva7cbtXIoA6lesLwOhGpkYUhqZkdRGJkVDpNATfOVDa65BQDxHEUM nNRjJ9x0jtdxq41U+un7x0cyPmAfbqyn3XARqBga845gEQiPIsfeVSGlm8qJb7hsFnbq VMu3Q3EE6SLtZ7tt3t4zmxjdHuwnFTdA/3zEvk4c6XmYPqJO3Qx9G7ZBNvcfWt7wd9TJ bGWmvTkgTVbCvXHjeCTRObsXz8vEenfKd7Qchw5GnRv0/sJ8gUmymBKqjxEs6pM8zgfL Im/g==
MIME-Version: 1.0
X-Received: by 10.236.137.8 with SMTP id x8mr63162910yhi.4.1399440775074; Tue, 06 May 2014 22:32:55 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Tue, 6 May 2014 22:32:54 -0700 (PDT)
In-Reply-To: <20140507035957.GM27883@mournblade.imrryr.org>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <53692FC2.1060009@akr.io> <20140506221344.GB27883@mournblade.imrryr.org> <536977E3.3000608@akr.io> <20140507002452.GH27883@mournblade.imrryr.org> <CACsn0ck5UtC9T1ktgAiWimWAxBPNoANfOEB8MOF9CfQLCMgSHw@mail.gmail.com> <20140507020023.GI27883@mournblade.imrryr.org> <CACsn0c=GqGGTs1maA-hkA641mvnuOy+pgT6imhuA+kpP5eX+pQ@mail.gmail.com> <20140507035957.GM27883@mournblade.imrryr.org>
Date: Tue, 06 May 2014 22:32:54 -0700
Message-ID: <CACsn0ckkOORzh2v-n2K=fHuoJtg8g1ykNHbCbybYp78pUceTfw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/UA3XRy-X2_WLHHMM0Z7Ewh0BdUc
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 05:33:00 -0000
On Tue, May 6, 2014 at 8:59 PM, Viktor Dukhovni <viktor1dane@dukhovni.org> wrote: > On Tue, May 06, 2014 at 08:32:43PM -0700, Watson Ladd wrote: > >> > In Postfix the user chooses a "cipher-grade" that sets the floor >> > on the set of enabled cipher-suites. The levels are monotone. >> > This is a simple interface that is rather difficult to mess up. >> >> Actually, it makes the same mistake as OpenSSL does:enabling anonymous >> ciphers even when configured to send a server certificate and use 128 >> bit encryption, without an additional option set. (Source: >> http://www.postfix.org/TLS_README.html, search for the Server-Side >> Cipher Controls section) > > What you say is mistake in Postfix is actually a mistake in your > problem analysis. > > http://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-09#section-8.2 > > use of anonymous ciphers in Postfix is not an accident, it is rather > deliberate. > >> Of course, the sad state of TLS for email prevents this from being a >> problem in practice. > > Actually TLS for email is not in such sorry shape as you might > think. I bet a larger share of SMTP traffic is encrypted than with > HTTP. Opportunistic TLS has a simpler deployment model. > Go walk outside. Ask someone "When you send email to someone, who can read it?". Compare their answer to the reality. So long as there is a difference between those two, you have a problem. At least with the web, we have a (somewhat) functioning PKI, and it's the protocol and implementations that are the real problem. (Interestingly DKIM ensures all email is signed, even without DANE, yet we've not been able to turn that into encrypting the connections between mail servers in 9 years of work. XMPP has a flag day in 13 days in which encryption will be on. Most servers will be using certificates.) Furthermore, in TLS 1.3 we've made changes to the protocol that have the side effect of removing everything but AES and Camellia. Yes, if you want to saturate a gigabit Ethernet cable using a 1.3 GHz processor, you may have a problem with encryption slowing things down. Is that worth the hazard null encryption presents? I'm not sure: I agree that (some) of the misconfiguration hazards are a result of the deplorable state of a major implementation, that is going to get massively changed, and so maybe we shouldn't worry too much. On the other hand people have turned them on by accident. Sincerely, Watson Ladd > > -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration James Cloos
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Andrei Popov
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Ralph Holz
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Fedor Brunner
- Re: [TLS] The risk of misconfiguration Nikos Mavrogiannopoulos
- Re: [TLS] The risk of misconfiguration Warren Kumari
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Salz, Rich
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Yoav Nir
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Martin Rex
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Martin Thomson
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Russ Housley
- Re: [TLS] The risk of misconfiguration Bill Frantz
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Daniel Kahn Gillmor
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration (Muphry's … Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni