Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Bill Frantz <frantz@pwpconsult.com> Tue, 09 November 2010 05:23 UTC
Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CDF0D3A68BE for <tls@core3.amsl.com>; Mon, 8 Nov 2010 21:23:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.599
X-Spam-Level:
X-Spam-Status: No, score=-4.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ebiXtwtXwvt for <tls@core3.amsl.com>; Mon, 8 Nov 2010 21:23:44 -0800 (PST)
Received: from elasmtp-scoter.atl.sa.earthlink.net (elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]) by core3.amsl.com (Postfix) with ESMTP id 596853A68B7 for <tls@ietf.org>; Mon, 8 Nov 2010 21:23:44 -0800 (PST)
Received: from [173.75.83.134] (helo=Bill-Frantzs-MacBook-Pro.local) by elasmtp-scoter.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1PFggg-00029r-NF; Tue, 09 Nov 2010 00:24:06 -0500
Date: Mon, 08 Nov 2010 21:24:06 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: Marsh Ray <marsh@extendedsubset.com>
X-Priority: 3
In-Reply-To: <4CD8B412.2070402@extendedsubset.com>
Message-ID: <r314ps-1064i-D51EC846197943E9A42B2326D660B8B1@Bill-Frantzs-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.2.5
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec79afe6d780abdf492e514bcfd6e1679e7e350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 173.75.83.134
Cc: tls@ietf.org
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 05:23:45 -0000
On 11/8/10 at 6:38 PM, marsh@extendedsubset.com (Marsh Ray) wrote: >Marsh Ray <marsh@extendedsubset.com> writes: >On 11/08/2010 06:58 PM, Bill Frantz wrote: >> >>Don't underestimate the value of protection from passive >>eavesdropping. >... >>It buys you quite a bit in the mobile WiFi world, >>where trusting the network providers is not an unreasonable level of >>trust compared with trusting anyone who can hear your radio >>connection. > >Which did you mean: > >Mobile, i.e. GSM and CDMA? - varying degrees of pwned. > >Or "mobile" WiFi hotspots? - pwned. Is my home WiFi router pwned? How about the one at the airport? The one at the coffee shop where I know the owner? The one set up by the conference committee? While any of these entry points can be pwned by exploitation of flaws in their implementation, I don't think the people/organizations that set them up have an incentive to install MITM attacks in them. I think there is little incentive for the more backbone network providers to install MITM attacks. (But see the comment about three letter agencies below.) Now I think it requires an active attack to install a MITM. Just being able to eavesdrop the bits won't do it. (Please tell me if I am wrong.) >>As an exercise for the student: Do you trust your network provider >>more than you trust our current version of PKI? > >Yeah good question. > >My answer is that it's meaningless to talk about "trusting" my >network provider, other than having expectation that they will >deliver my packets with high probability and low latency (and >bill me for it accurately). No security properties per se are >guaranteed by the design of the Internet. This was an >intentional decision on the part of its designers. There were >plenty of other networks back then that tried to build in all >sorts of properties like that, but use the net we have today >because it just works better this way. My reaction is, there are no guarantees in life. Given the frequency of security patches in all major software, doubly so. However you can get a useful level of confidence by looking at peoples incentives. >>My answer might depend on how the three letter agencies active where >>my packets may flow fit into my threat model. > >You don't know the route your packets will take across the >public net. Every packet may take a different route. Really. > >Or alternatively, an attacker could arrange for your data to be >transmitted from a geosynchronous satellite over an unencrypted >downlink where they could be received anonymously by consumer >equipment anywhere on the entire continent: >http://www.blackhat.com/presentations/bh-dc-10/Nve_Leonardo/BlackHat-DC-2010-Nve-Playing-with-SAT-1.2-wp.pdf Unless there are nodes in the network over which my packets pass which are pwned, this attack does not seem possible. Once I have set up an encrypted session with the mail server, I don't care if the bits are read. Now I fully agree that a system with authentication would be better than just anon-DH. However, such a system has costs as well, and in many practical situations you get real value from anon-DH. My own taste would be to know when the public key of the mail server changed. I really can afford to store the public keys of all the mail servers I use. I can erase one of the 500+ megabyte photos I have to make room. :-) I checked what my email provider (Earthlink) does. When I set SSL in my mail agent to "disabled", I can pick up mail. When I set it to "negotiated", the connection is quickly dropped and I can't pick up mail. When I set it to "Required" connection setup hangs. YMMV. Cheers - Bill --------------------------------------------------------------------------- Bill Frantz |"Web security is like medicine - trying to do good for 408-356-8506 |an evolved body of kludges" - Mark Miller www.periwinkle.com |
- [TLS] Security concerns around co-locating TLS an… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Paul Hoffman
- Re: [TLS] Security concerns around co-locating TL… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Geoffrey Keating
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Steingruebl, Andy
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Nelson B Bolyard
- Re: [TLS] Security concerns around co-locating TL… Peter Saint-Andre
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Juho Vähä-Herttua
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Nikos Mavrogiannopoulos
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Chris Newman
- Re: [TLS] Security concerns around co-locating TL… Nico Williams
- Re: [TLS] Security concerns around co-locating TL… Matt DeMoss
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Joe Touch