Re: [TLS] TLS or HTTP issue?

Dean Anderson <dean@av8.com> Fri, 06 November 2009 22:29 UTC

Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 341B43A67FA for <tls@core3.amsl.com>; Fri, 6 Nov 2009 14:29:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LV6RbX4t5+SV for <tls@core3.amsl.com>; Fri, 6 Nov 2009 14:29:13 -0800 (PST)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 1E6AB3A67AD for <tls@ietf.org>; Fri, 6 Nov 2009 14:29:13 -0800 (PST)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id nA6MTNGm006860 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Fri, 6 Nov 2009 17:29:24 -0500
Date: Fri, 6 Nov 2009 17:29:23 -0500 (EST)
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Florian Weimer <fweimer@bfk.de>
In-Reply-To: <82639ongwg.fsf@mid.bfk.de>
Message-ID: <Pine.LNX.4.44.0911061713270.5276-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS or HTTP issue?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 22:29:14 -0000

On Fri, 6 Nov 2009, Florian Weimer wrote:

> * Nikos Mavrogiannopoulos:
> 
> > I'll become a bit pedantic and note here that this isn't really a TLS
> > issue.

Its a TLS issue.  However I don't think we should worry too much about
https.  I've used client certificates on some websites, and let me tell
you, its really a non-starter to use renegotation because most
webservers have a 250k buffer (On apache this is a compile-time
constant) for renegotiation, which isn't big enough to complete a lot of
http transactions, anyway. As a result, one usually winds up breaking up
websites into two or more sites, with one site completely client
certificate controlled so that no renegotation necessary on that site,
and the rest of the content is on another site that also needs no
renegotiation.

> Theoretically, this attack can be detected by the server,

Theoretically, I think not. The problem (inherent to every MITM attack)
is that there is some plaintext the MITM can change or otherwise use.  
The solution is the same in every case: Eliminate the plaintext or
encrypt it in a (e.g public key) cipher so that the MITM can't alter or
read it.

That's what should happen here. We should not worry about whether this
is hard to program or not.  It simply shouldn't be plaintext.  I don't
think it ought to be too difficult to program, as the client and server
have already public exchanged keys that could be used to encrypt the
renegotiation.  

Of course, https is still as screwed as before, but like I said above,
it is of no consequence as there are already problems with renegotation
that cause renegotiation to be avoided. So we need not worry about
https.  But renegotiation should be made to work in TLS, as other
protocols that rely on TLS don't have the large, essentially unlimited
transaction size problems that https has.

		--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494