Re: [TLS] Fingerprinting weaknesses (was: The risk of misconfiguration)

Nico Williams <nico@cryptonector.com> Wed, 07 May 2014 23:16 UTC

Date: Wed, 07 May 2014 18:15:58 -0500
Message-ID: <CAK3OfOjZJauF=CvCjrA3RXwqrtDDQrKnbnf6iNt5mJwbwPRLPw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/iIWyWdo2f69AB1sJQqpTLRUwr1M
Cc: "tls@ietf.org" <tls@ietf.org>

On Wed, May 7, 2014 at 6:12 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
> On Wed, May 7, 2014 at 3:07 PM, Nico Williams <nico@cryptonector.com> wrote:
>> On Wed, May 7, 2014 at 2:04 PM, Alyssa Rowan <akr@akr.io> wrote:
>>>> Cipher-suite signalling is just one of many ways that Mallory can
>>>> determine which clients she can attack undetected.
>>
>> No.  Mallory can only see that anon ciphersuites were offered.
>> Mallory cannot conclude from this that anon ciphersuites will be
>> accepted (the peer might disconnect if an anon ciphersuite is
>> negotiated) nor can Mallory conclude that channel binding (or renego)
>> won't be used in that session.  It's always a risk for Mallory to
>> attempt an MITM attack.
>
> So they do the MITM, see that SASL is being used, the connection
> breaks, and then what?

And then the user only observes the re-connect or the failure.  Either
way the user did not fall to an MITM attack.

> Or they do the MITM, the peer disconnects because they didn't really
> mean it anyway, and then what?

The user doesn't get MITMed.

Alternatively, the client was trying to get opportunistic security, and
speaking to an MITM is better than sending cleartext (which would have
been the alternative).

Nico
--
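An added illustration of the point argued above, not part of the thread: a Python model of why an MITM against an anon (unauthenticated) TLS session breaks, rather than silently succeeds, once the application layer uses SASL channel binding. The `tls_unique` function is a stand-in hash over a constructed handshake transcript, not a TLS implementation; the real tls-unique (RFC 5929) is the first Finished message of the connection.

```python
"""Toy model: SASL channel binding (tls-unique) detects an MITM on an anon TLS session.
Constructed example; randomness stands in for the real handshake messages."""
import hashlib
import secrets


def tls_unique(client_random: bytes, server_random: bytes,
               client_share: bytes, server_share: bytes) -> bytes:
    """Stand-in for the first Finished message: bound to the whole transcript
    of ONE TLS connection, including both sides' (anon) DH key shares."""
    transcript = (b"ClientHello" + client_random + b"ServerHello" + server_random +
                  b"ServerKeyExchange" + server_share + b"ClientKeyExchange" + client_share)
    return hashlib.sha256(transcript).digest()[:12]


def sasl_channel_binding_ok(client_view: bytes, server_view: bytes) -> bool:
    """SASL (e.g. SCRAM-*-PLUS) carries the client's view of tls-unique inside the
    authenticated exchange; the server aborts if it differs from its own view."""
    return secrets.compare_digest(client_view, server_view)


def direct_session() -> bool:
    """Client and server share a single TLS connection, so both see the same transcript."""
    cr, sr, cs, ss = (secrets.token_bytes(32) for _ in range(4))
    return sasl_channel_binding_ok(tls_unique(cr, sr, cs, ss), tls_unique(cr, sr, cs, ss))


def mitm_session() -> bool:
    """Mallory terminates the anon handshake with the client and opens her own to the
    server. To know either session key she must substitute her own DH shares, even if
    she relays the random values unchanged, so the two transcripts diverge."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    client_share, server_share = secrets.token_bytes(32), secrets.token_bytes(32)
    mallory_to_client, mallory_to_server = secrets.token_bytes(32), secrets.token_bytes(32)
    client_view = tls_unique(cr, sr, client_share, mallory_to_client)   # client <-> Mallory
    server_view = tls_unique(cr, sr, mallory_to_server, server_share)   # Mallory <-> server
    return sasl_channel_binding_ok(client_view, server_view)


def session_outcome(mitm: bool) -> str:
    """Client policy from the thread: anon suites may be offered, but the session is
    only kept if channel binding verifies; otherwise it is torn down (the user sees a
    failure or a reconnect, not a successful MITM)."""
    ok = mitm_session() if mitm else direct_session()
    return "authenticated" if ok else "aborted: channel binding mismatch"


if __name__ == "__main__":
    print("direct:", session_outcome(mitm=False))
    print("mitm:  ", session_outcome(mitm=True))
```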