IETF Logo Mail Archive

Re: [TLS] TLS, PKI,

Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk> Wed, 14 July 2010 11:38 UTC

Return-Path: <Bruno.Harbulot@manchester.ac.uk>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 351333A6898 for <tls@core3.amsl.com>; Wed, 14 Jul 2010 04:38:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbTLogcSvtsT for <tls@core3.amsl.com>; Wed, 14 Jul 2010 04:38:39 -0700 (PDT)
Received: from clarity.mcc.ac.uk (clarity.mcc.ac.uk [130.88.200.144]) by core3.amsl.com (Postfix) with ESMTP id 41BAE3A680E for <tls@ietf.org>; Wed, 14 Jul 2010 04:38:37 -0700 (PDT)
Received: from rankine.its.manchester.ac.uk ([130.88.25.196]) by clarity.mcc.ac.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <Bruno.Harbulot@manchester.ac.uk>) id 1OZ0IY-000Cvy-3x for tls@ietf.org; Wed, 14 Jul 2010 12:38:46 +0100
Received: from pulsar.rcs.manchester.ac.uk ([130.88.1.47]:43676 helo=mymachine) by rankine.its.manchester.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Bruno.Harbulot@manchester.ac.uk>) id 1OZ0IY-0000kR-0I for tls@ietf.org; Wed, 14 Jul 2010 12:38:46 +0100
Message-ID: <4C3DA1C5.1030406@manchester.ac.uk>
Date: Wed, 14 Jul 2010 12:38:45 +0100
From: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100528 Lightning/1.0b1 Thunderbird/3.0.5
MIME-Version: 1.0
To: tls@ietf.org
References: <E1OYuFO-0007XU-L1@wintermute02.cs.auckland.ac.nz>
In-Reply-To: <E1OYuFO-0007XU-L1@wintermute02.cs.auckland.ac.nz>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: Bruno Harbulot from pulsar.rcs.manchester.ac.uk (mymachine) [130.88.1.47]:43676
X-Authenticated-From: Bruno.Harbulot@manchester.ac.uk
Subject: Re: [TLS] TLS, PKI,
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2010 11:38:40 -0000

On 14/07/10 06:11, Peter Gutmann wrote:
> Martin Rex<mrex@sap.com>  writes:
>
>> Being able to easily network a small number of computers and network-attached
>> devices at home without involvement of outside third parties is a pretty
>> common use case.  It is where SSH started and excels in.  It is where TLS
>> hardly worked from the beginning and where it has become much worse since due
>> to the Scare-Consumers-Away-From-This-Technology pages in recent Browsers.
>
> +1.

Agreed, but that's comparing two different things: one is SSH, the other 
is the combination of TLS and PKIs.

I wonder how many people really check the fingerprint of the SSH server 
key when they connect to a server they haven't connected to before.

I've had warnings of key-changes by a server, for which I hadn't been 
notified of the change by the provider. After asking the technical 
customer service, it seemed that they weren't aware of the implications 
of changing the keys (I asked them what the new fingerprint was supposed 
to be but all I got was a confirmation that the key had changed, not the 
actual new fingerprint). Maybe services (for which you can't know the 
key in advance) should be encouraged to publish the fingerprints on 
their HTTPS website (whose identity will be asserted by PKIs...)

I think SSH clients do a bit better than browsers for TLS+PKI in that 
respect because the client remembers the fingerprint after the first 
connection, but apart from that, there's little to check the identity of 
the server.

PKIs aim to provide a yes/no binary answer to "can I trust this to be 
what it says it is?" (or ternary if you consider green/blue bars), only 
to abstract away the fact it's a matter of probabilities and 
risk-assessment that will end up somewhere between 0 and 1.
I'm not sure how it's possible to go further than that without providing 
users with better security education (which they don't necessarily want 
or have time to receive).


Best wishes,

Bruno.

v2.23.0 | Report a Bug | By Email