IETF Logo Mail Archive

Re: [TLS] TLS, PKI,

Yoav Nir <ynir@checkpoint.com> Wed, 14 July 2010 12:07 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 38BFB3A6825 for <tls@core3.amsl.com>; Wed, 14 Jul 2010 05:07:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[AWL=-0.089, BAYES_00=-2.599, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tzffi7hdlbzu for <tls@core3.amsl.com>; Wed, 14 Jul 2010 05:07:47 -0700 (PDT)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by core3.amsl.com (Postfix) with ESMTP id A70453A6A2E for <tls@ietf.org>; Wed, 14 Jul 2010 05:07:46 -0700 (PDT)
X-CheckPoint: {4C3DB4ED-0-1B221DC2-2FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id o6EC7tDq015823; Wed, 14 Jul 2010 15:07:55 +0300 (IDT)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 14 Jul 2010 15:08:27 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
Date: Wed, 14 Jul 2010 15:07:51 +0300
Thread-Topic: [TLS] TLS, PKI,
Thread-Index: AcsjTUOCfZEANOw6T62ycxHUPlcAmQ==
Message-ID: <A00ABF7A-3C17-42F3-ADA4-E22C75452540@checkpoint.com>
References: <E1OYuFO-0007XU-L1@wintermute02.cs.auckland.ac.nz> <4C3DA1C5.1030406@manchester.ac.uk>
In-Reply-To: <4C3DA1C5.1030406@manchester.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS, PKI,
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2010 12:07:48 -0000

On Jul 14, 2010, at 2:38 PM, Bruno Harbulot wrote:

> 
> 
> On 14/07/10 06:11, Peter Gutmann wrote:
>> Martin Rex<mrex@sap.com>  writes:
>> 
>>> Being able to easily network a small number of computers and network-attached
>>> devices at home without involvement of outside third parties is a pretty
>>> common use case.  It is where SSH started and excels in.  It is where TLS
>>> hardly worked from the beginning and where it has become much worse since due
>>> to the Scare-Consumers-Away-From-This-Technology pages in recent Browsers.
>> 
>> +1.
> 
> Agreed, but that's comparing two different things: one is SSH, the other 
> is the combination of TLS and PKIs.
> 
> I wonder how many people really check the fingerprint of the SSH server 
> key when they connect to a server they haven't connected to before.

I would guess that the answer is "none". But usually, you first connect to the SSH server through a trusted connection (in the workplace, or you set it up and then connect). After that, you're good to go, and you can connect remotely.

> I've had warnings of key-changes by a server, for which I hadn't been 
> notified of the change by the provider. After asking the technical 
> customer service, it seemed that they weren't aware of the implications 
> of changing the keys (I asked them what the new fingerprint was supposed 
> to be but all I got was a confirmation that the key had changed, not the 
> actual new fingerprint). Maybe services (for which you can't know the 
> key in advance) should be encouraged to publish the fingerprints on 
> their HTTPS website (whose identity will be asserted by PKIs...)

Or maybe in a DNS record. And now that DNSSEC is deployed, you can use that
http://www.ietf.org/mail-archive/web/ietf/current/msg62449.html

> I think SSH clients do a bit better than browsers for TLS+PKI in that 
> respect because the client remembers the fingerprint after the first 
> connection, but apart from that, there's little to check the identity of 
> the server.

If browsers accepted private CAs for domain (after a one-time dialog), and self-signed certificates for a particular server only, they would get to the same level of usability and security as SSH clients. As it is, they're better if you have no way to verify the server fingerprint, and worse if you can.

v2.23.0 | Report a Bug | By Email