IETF Logo Mail Archive

Re: [TLS] Deployment ... Re: This working group has failed

Andy Lutomirski <luto@amacapital.net> Wed, 27 November 2013 19:56 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B45DA1ADFA3 for <tls@ietfa.amsl.com>; Wed, 27 Nov 2013 11:56:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nvCxoruqDN8x for <tls@ietfa.amsl.com>; Wed, 27 Nov 2013 11:56:30 -0800 (PST)
Received: from mail-pd0-f182.google.com (mail-pd0-f182.google.com [209.85.192.182]) by ietfa.amsl.com (Postfix) with ESMTP id BABE31ADFA7 for <tls@ietf.org>; Wed, 27 Nov 2013 11:55:57 -0800 (PST)
Received: by mail-pd0-f182.google.com with SMTP id v10so10618203pde.27 for <tls@ietf.org>; Wed, 27 Nov 2013 11:55:57 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=o/D5KhgmMvSxcixMPq6QxlLlkP9yFKIQsqoSi3zTcig=; b=BKE4sHXGUMN+ylXjxSbYxTs/t9/legHANHhmbrlZRCRQtdXfY88dfmCxq6lf08Q3/y u4tOknNBXdeqdr0NMV4+6JZ2Y5+MaEiI9AsRYBky8aFkmiEFpl7G7tqdTrGpQxnwSxGB q92owom00zEU28S1RkEuFm6OuNbUMDS9+20JquzTFQ/jP9bvU7OAA5XU2JVN7UBe0T+d ZVuFfW1xzXSn8sPRj97Z8oU7aut2kOke5cC0aJ4L4nNnoqFMTnPPF8/qwaO+QOc8Ponq vZ+CN8QnoANrNG1gIk5upDzkDr6nIs5JhEbyD9A0l4yqHNo1e3LYXE30wOuwBe6thiuD IObA==
X-Gm-Message-State: ALoCoQmeTpAHQJQljXaWI9f8c3Xjs4N87iN0so0jzrOQZ3XG0SrFrPcItghTscaPLhOe3yQ00NnD
X-Received: by 10.68.25.229 with SMTP id f5mr6747941pbg.6.1385582157195; Wed, 27 Nov 2013 11:55:57 -0800 (PST)
Received: from amaluto.corp.amacapital.net (50-76-60-73-ip-static.hfc.comcastbusiness.net. [50.76.60.73]) by mx.google.com with ESMTPSA id iu7sm89846651pbc.45.2013.11.27.11.55.55 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 27 Nov 2013 11:55:56 -0800 (PST)
Message-ID: <52964E4B.5010208@mit.edu>
Date: Wed, 27 Nov 2013 11:55:55 -0800
From: Andy Lutomirski <luto@amacapital.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Yoav Nir <synp71@live.com>, Andy Lutomirski <luto@amacapital.net>, Peter Gutmann <p.gutmann@auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C736541CBFC@uxcn10-tdc06.UoA.auckland.ac.nz> <CALCETrVeBHqckreYHmaiNONZ8Yj-om5+yQv+ZOfs0Qpj7xXOUA@mail.gmail.com> <BLU0-SMTP2032BA7A56EA05E1C2679F7B1EF0@phx.gbl>
In-Reply-To: <BLU0-SMTP2032BA7A56EA05E1C2679F7B1EF0@phx.gbl>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 19:56:51 -0000
X-List-Received-Date: Wed, 27 Nov 2013 19:56:51 -0000

On 11/26/2013 10:56 PM, Yoav Nir wrote:
> On 27/11/13 1:51 AM, Andy Lutomirski wrote:
>> On Tue, Nov 26, 2013 at 3:28 PM, Peter Gutmann
>> <p.gutmann@auckland.ac.nz> wrote:
>>> Andy Lutomirski <luto@amacapital.net> writes:
>>>
>>>> - When in client mode, implementations MUST refuse to connect to a
>>>> server
>>>> unless an explicitly chosen set of trust roots (or other mechanism
>>>> such as
>>>> DANE) authenticates that server (hello, everything).
>>> Translated: "TLS implementations MUST refuse to connect to any
>>> computer or
>>> device that isn't a public web server with a commercial CA-issued
>>> certificate".  You may as well mandate that "TLS implementations MUST
>>> NOT
>>> allow the tide to come in".
>> Not at all.  I didn't say "bundled set of trust roots;" I said
>> "explicitly chosen".  This would ban, for example:
>>
>>   - stunnel in client mode with verify = 0 or verify = 1
>>   - OpenSSL's SSL_VERIFY_NONE mode
>>   - The default behavior of Python's urllib2 module
>>
>> etc.  If an implementation wanted to offer a scary opt-in way to say
>> "make me completely insecure", I have no problem with that.  It's
>> unacceptable, though, that the default behavior of a lot of libraries
>> is to skip verification.
>>
>> I personally use TLS with private trust roots -- lots of people do
>> this.  The problem is when people use TLS with no trust roots at all.
> If by "lots" you mean too many to get them all together for beer night
> -- yes. But the kind of technical know-how is in short supply, and
> caring about this even among those with technical know-how is also thin
> on the ground.
> 
> I'm sure there are thousands of people who use TLS with private trust
> roots, as well as thousands of companies. But that's a small portion of
> people and companies, and the rest of us also need stuff that works.

Do you mean that the rest of us need to write mobile apps that appear to
work but are, in fact, insecure?  I really don't think that TLS is
supposed to serve the purpose of making people feel good about using it
-- it's supposed to provide some form of security.

I think that the rest of us actually need a TLS library that doesn't
suck and an easy and foolproof way to create and use a CA key, CA cert,
and server keypair.

--Andy

v2.23.0 | Report a Bug | By Email