IETF Logo Mail Archive

Re: [TLS] The risk of misconfiguration

Watson Ladd <watsonbladd@gmail.com> Wed, 07 May 2014 22:34 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C74DE1A0416 for <tls@ietfa.amsl.com>; Wed, 7 May 2014 15:34:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T7QFVLid95Yn for <tls@ietfa.amsl.com>; Wed, 7 May 2014 15:34:00 -0700 (PDT)
Received: from mail-yh0-x233.google.com (mail-yh0-x233.google.com [IPv6:2607:f8b0:4002:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id 80BCA1A041C for <tls@ietf.org>; Wed, 7 May 2014 15:34:00 -0700 (PDT)
Received: by mail-yh0-f51.google.com with SMTP id f10so1554682yha.24 for <tls@ietf.org>; Wed, 07 May 2014 15:33:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=zctx/OPRoMsK3MswdM2FLRHhRWsrrd+PYkwDm3+ezkM=; b=Uh7nNGvhaGETbKX9TisJeDwkJF6ONphiMn/l09zZXE8SNqdkDRpdU8rLQZ937ZrlOv CM8LpJJRwUASsYVHalILmOTsJi4cfR0X2ttp9Z88EJiXoBADUSYJL/pBtt1+z9I4l93L 0vQ5A300q1tLmI2MW7gJZD0Nffp9IGKGh09sJhyrUMzsHA8LvMmxOenEbZxxxuEiHDr2 GcLoR9MHuYum7VETM4UCNip6wt4oq0En4Jf2XF4KbYKn4Q/6UP3nHPf3ZcL+aiQywdAh yuDeHshnXKyXcL/SLHDgRuNQpRwT3PNDqfe5eQ77DOoJy7j0PxDQjJybeTQBaYFn0ZKU o1EA==
MIME-Version: 1.0
X-Received: by 10.236.46.225 with SMTP id r61mr34429694yhb.107.1399502036206; Wed, 07 May 2014 15:33:56 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Wed, 7 May 2014 15:33:56 -0700 (PDT)
In-Reply-To: <CAK3OfOgVAg8MLSmRVLe-6vVVzX361xYo4uma3-GQQmn=qoWWbQ@mail.gmail.com>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <CAK3OfOgYr7d88iuxhXZcos55ymg0i_Q_GHNcXB+w7GRUaEj0bw@mail.gmail.com> <536A67D9.2070302@pobox.com> <CAK3OfOjTehkbKMg40_ZXGXOVjyHHY7UrxLmpyr7Mz00rRo+RLQ@mail.gmail.com> <536A6F8C.7020702@akr.io> <20140507181651.GX27883@mournblade.imrryr.org> <536A7AAE.9030801@akr.io> <20140507184748.GY27883@mournblade.imrryr.org> <536A83A2.3070701@akr.io> <2A0EFB9C05D0164E98F19BB0AF3708C7130A13E3A2@USMBX1.msg.corp.akamai.com> <536A8804.8000207@akr.io> <CAK3OfOgVAg8MLSmRVLe-6vVVzX361xYo4uma3-GQQmn=qoWWbQ@mail.gmail.com>
Date: Wed, 07 May 2014 15:33:56 -0700
Message-ID: <CACsn0ckrnbQbz-KCEY6u-WU7ULPTQv46g3noz44jMjW5HmFU0g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/o0Hqhj457ejgg5S7tUyaCzCRpRI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 22:34:01 -0000

On Wed, May 7, 2014 at 1:24 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Wed, May 7, 2014 at 2:22 PM, Alyssa Rowan <akr@akr.io> wrote:
>> On 07/05/2014 20:10, Salz, Rich wrote:
>>>> I think that they are insecure _is_ a compelling reason: we seem
>>>> simply to disagree on that point.
>>> No, I think there is disagreement as to whether or not they are
>>> insecure.
>>
>> Because the application layer provides all its own security?
>
> It provides its own authentication, but not its own security layer.
>
>> Then why would it need TLS; decoration for middleboxes¹?
>
> Because it's simpler this way.
>
> SASL used to provide a "security layer".  It's now deprecated because
> it only led to problems:
>
> a) double encryption in some cases (since SASL apps generally also use TLS)
> b) extra code in the application and the SASL mechanism, all variously
> duplicating TLS functionality, not always well done.
>
> With channel binding both of those go away.

But you get a new issue: channel binding doesn't work with all
ciphersuites because of the DHE validation issue. I think SASL is
important enough to support anonymous ECDH, and maybe anonymous DH if
we can fix it. However, using it without authenticating endpoints
isn't getting anything.

Sincerely,
Watson Ladd
>
> Nico
> --
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email