IETF Logo Mail Archive

Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 09 November 2010 17:27 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D1A033A69FB for <tls@core3.amsl.com>; Tue, 9 Nov 2010 09:27:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.168
X-Spam-Level:
X-Spam-Status: No, score=-6.168 tagged_above=-999 required=5 tests=[AWL=-0.170, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4E5xp2kORIxC for <tls@core3.amsl.com>; Tue, 9 Nov 2010 09:27:01 -0800 (PST)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id D2D4D28C0D9 for <tls@ietf.org>; Tue, 9 Nov 2010 09:27:01 -0800 (PST)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id oA9HRNHG017325 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 9 Nov 2010 17:27:25 GMT
Received: from acsmt353.oracle.com (acsmt353.oracle.com [141.146.40.153]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id oA9HRKEb024210; Tue, 9 Nov 2010 17:27:21 GMT
Received: from abhmt017.oracle.com by acsmt353.oracle.com with ESMTP id 763210141289323609; Tue, 09 Nov 2010 09:26:49 -0800
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 09 Nov 2010 09:26:48 -0800
Date: Tue, 09 Nov 2010 11:26:44 -0600
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Michael D'Errico <mike-list@pobox.com>
Message-ID: <20101109172643.GD6536@oracle.com>
References: <4CD76B1B.5030308@ericsson.com> <4CD78027.6090004@pobox.com> <000501cb8001$a441f620$4001a8c0@gateway.2wire.net> <4CD97EA5.3000305@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4CD97EA5.3000305@pobox.com>
User-Agent: Mutt/1.5.20 (2010-03-02)
Cc: tls@ietf.org
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 17:27:02 -0000

On Tue, Nov 09, 2010 at 09:02:29AM -0800, Michael D'Errico wrote:
> t.petch wrote:
> >...
> 
> Since you put a smiley at the end, it seems you're kidding, but just to be
> clear....
> 
>   - the most important requirement for protocols is integrity; I don't
>     know how to achieve that without TLS.

There's the GSS-API...  There's IPsec...  The whole world isn't TLS...
though I think most apps from here on out will trend to using TLS.

(There's also SASL, though the SASL community has decided that new
mechanisms shouldn't have security layers, instead relying on channel
binding to TLS, so SASL doesn't really count :)

>   - personally I also want privacy; not because I'm doing anything wrong,
>     but because it's-none-of-your-business what I buy online and what I
>     discuss with people through email, etc.  I don't know how to achieve
>     this without encryption, thus TLS is an important tool.

And also because most web stuff uses cookies to track sessions (the web
app has no visibility into TLS sessions, so it needs its own method for
tracking what connections make up a session), and doesn't use TLS to
authenticate users.  Those cookies need confidentiality protection, even
if you thought that what you do on the web doesn't.

>   - what do you mean by expensive?  Google has published research results
>     showing that enabling TLS on their services required no more/different
>     hardware than they were using prior to switching on TLS.

Mostly this is a perception issue.  But also it helps to have decent TLS
and HTTP/1.1 implementations, so you can get session resumption, and
pipeline HTTP to amortize the cost of TLS session setup.  Also, not
everyone is Google; I'm not at all surprised that TLS didn't cost them
much, but I'd also not be surprised if TLS-all-the-time cost
significantly more than $0 for most online services not run by Google.

Nico
--

v2.23.0 | Report a Bug | By Email