IETF Logo Mail Archive

Re: [TLS] Broken browser behaviour with SCADA TLS

Hubert Kario <hkario@redhat.com> Mon, 09 July 2018 10:58 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2549130E3C for <tls@ietfa.amsl.com>; Mon, 9 Jul 2018 03:58:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oc38tXTAoYii for <tls@ietfa.amsl.com>; Mon, 9 Jul 2018 03:58:41 -0700 (PDT)
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B59B012D7F8 for <tls@ietf.org>; Mon, 9 Jul 2018 03:58:41 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C455C857AB; Mon, 9 Jul 2018 10:58:40 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-200-16.brq.redhat.com [10.40.200.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id 005122166BA2; Mon, 9 Jul 2018 10:58:38 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Mon, 09 Jul 2018 12:58:33 +0200
Message-ID: <8417187.FtxZZQNsAt@pintsize.usersys.redhat.com>
In-Reply-To: <1530757910178.45400@cs.auckland.ac.nz>
References: <1530687136897.97792@cs.auckland.ac.nz> <CAF8qwaBTHfn7iBEaZ9QQ2ueP09Qn4J2s1sBWhqopTzq7eLF6ww@mail.gmail.com> <1530757910178.45400@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart5302405.CUEPRHvGVM"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Mon, 09 Jul 2018 10:58:40 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Mon, 09 Jul 2018 10:58:40 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'hkario@redhat.com' RCPT:''
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/w84t_kjOoUmr6u-3lk1BNqYVQH0>
Subject: Re: [TLS] Broken browser behaviour with SCADA TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 10:58:44 -0000

On Thursday, 5 July 2018 04:32:08 CEST Peter Gutmann wrote:
> David Benjamin <davidben@chromium.org>​ writes:
> >The bad feedback was not even at a 2048-bit minimum, but a mere 1024-bit
> >minimum. (Chrome enabled far more DHE ciphers than others, so we
> >encountered a lot of this.) 2048-bit was completely hopeless. At the time
> >of removal, 95% of DHE negotiations made by Chrome used a 1024-bit
> >minimum.
> 
> How does Google, rather than the people running the systems being connected
> to, know that 1024-bit DH isn't secure enough for a given environment?  The
> majority of this stuff is running on isolated, private networks or inside
> VPN tunnels for which pretty much anything, including 512-bit keys, are
> fine.

There Is No Such Thing As A Trusted Network

and there wasn't for half a decade at least

If the IPsec is used for p2p security, then the TLS is useless in the first 
place. If there is "last leg" that goes over regular copper or fibre, then TLS 
is providing the security, so 512 big keys are NOT secure

https://cloud.google.com/beyondcorp/
https://blog.cloudpassage.com/2015/10/06/the-end-of-trusted-networks/
and dozens of other articles on the topic

I'll just ignore the fact that no browser has ability to tell if it is 
connecting over such "secure" network or not, let alone making it 
unexploitable for regular Internet connections...

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

v2.23.0 | Report a Bug | By Email