Re: [TLS] TLS, PKI, and web security. Was: Eleven out of every ten SSL certs aren't valid
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 21 July 2010 13:12 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 366033A679C for <tls@core3.amsl.com>; Wed, 21 Jul 2010 06:12:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.757
X-Spam-Level:
X-Spam-Status: No, score=-1.757 tagged_above=-999 required=5 tests=[AWL=-0.617, BAYES_20=-0.74, J_CHICKENPOX_41=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KCSJlyuQWuqC for <tls@core3.amsl.com>; Wed, 21 Jul 2010 06:12:08 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id 7AB423A69DB for <tls@ietf.org>; Wed, 21 Jul 2010 06:12:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1279717945; x=1311253945; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20marsh@extendedsubset.com,=20tls@ietf.org|Subject: =20Re:=20TLS,=20PKI,=20and=20web=20security.=20Was:=20[TL S]=20Eleven=20out=20of=20every=20ten=20SSL=20certs=20aren 't=20valid|Cc:=20pgut001@cs.auckland.ac.nz|In-Reply-To: =20<4C44CDBF.1060403@extendedsubset.com>|Message-Id:=20<E 1ObZ5o-0007KC-RJ@wintermute02.cs.auckland.ac.nz>|Date:=20 Thu,=2022=20Jul=202010=2001:12:12=20+1200; bh=aB2TYO09g87+uWTn1jPt6QZucbpecVY+BAW6BE1IUiU=; b=FFH7vY5X6CV5UoZWn1bX9rivgUrLEigiNSa/IvqhJUojDSziRZg5mkNq +3+qH0G9Fy5SaXTax/DqLWDwqSuXoF6e+uihkLpFAB8cE5QeuZUFYCPzr QNb3PSLgrXG7SDnShRW8kQiVHNwnfhTfADn20ZF5hulVWjSohywOH2yqy E=;
X-IronPort-AV: E=Sophos;i="4.55,238,1278244800"; d="scan'208";a="16665048"
X-Ironport-HAT: UNIVERSITY - $RELAY-THROTTLE
X-Ironport-Source: 130.216.207.92 - Outgoing - Outgoing
Received: from wintermute02.cs.auckland.ac.nz ([130.216.207.92]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 22 Jul 2010 01:12:13 +1200
Received: from pgut001 by wintermute02.cs.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@cs.auckland.ac.nz>) id 1ObZ5o-0007KC-RJ; Thu, 22 Jul 2010 01:12:12 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: marsh@extendedsubset.com, tls@ietf.org
In-Reply-To: <4C44CDBF.1060403@extendedsubset.com>
Message-Id: <E1ObZ5o-0007KC-RJ@wintermute02.cs.auckland.ac.nz>
Date: Thu, 22 Jul 2010 01:12:12 +1200
Subject: Re: [TLS] TLS, PKI, and web security. Was: Eleven out of every ten SSL certs aren't valid
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jul 2010 13:12:12 -0000
Marsh Ray <marsh@extendedsubset.com> writes: >This sounds like an endeavor of great merit. Phew, that's better than "OK, you write it then" :-). (This would also be useful for the rest of the big 5, IPsec, SSH, S/MIME, and PGP, for which the threat model is mostly "here's what we defend against, if that's what you want then use it"). >Is this the type of project that any other [TLS] members would be interested >in collaborating on? Count me in. >Ivan Ristic started addressing it from a pretty high level: >http://blog.ivanristic.com/2009/09/ssl-threat-model.html That's a good start, I was thinking of something vaguely similar but built more around services that people require, so providing a shopping list like confidentiality, integrity, dispute (what's incorrectly referred to as "nonrepudiation" most of the time), availability, and so on, and then listing under which conditions TLS does and doesn't provide this. It depends on what the target audience is, Ivan's attack tree is for people worried about how TLS might fail while the services-provided categorisation is for people who need a particular service from TLS and want to know whether they're getting it. >Firstly, we'd need agreement on which RFCs were in scope for the project. Is >this already documented somewhere for the list charter? > >Since TLS has so many negotiable parameters and extensions, it might be a >little difficult to structure it as a flat document. Does anyone have >suggestions on how to organize it considering all the cipher suites, >authentication modes, extensions, etc.? I think for the services-provided approach it might be feasible, so you could say, for example, that "basic TLS doesn't provide this, but with the XYZ capability present it provides a subset of this", that sort of thing. Actually this works for the attack-tree approach as well, a particular arc would be "unmitigated by basic TLS, mitigated by XYZ". (I'm not saying the services-provided view is the best one, it could quite well be terrible, I'm just throwing it out there as a possibility). >What would be really great is when the next big "reverse quadrangle padding >interpolation attack" is published, we had something ready which could help >enumerate all the design features which had built on the specific properties >that had been violated. Yup. What I'd be aiming at is, cheating a bit and using some secure logging text I have lying around as an example, that a user reading the document wouldn't end up with a generic "audit data is stored in a secure manner" (secure relative to what?) but more something like "audit data is stored in a file only writeable by the system-audit user. It should be secure from tampering provided that the operating system file protection mechanisms are functioning as intended, that the system-audit user account hasn.t been compromised, and that the security of the operating system itself hasn.t been compromised, for example through a rootkit that can override the security mechanisms of less-privileged system components". Peter.
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- [TLS] Eleven out of every ten SSL certs aren't va… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Adam Langley
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Joshua Davies
- Re: [TLS] Eleven out of every ten SSL certs aren'… Yoav Nir
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nikos Mavrogiannopoulos
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Daskaluk
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Jeffrey A. Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Frantz
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
- Re: [TLS] Eleven out of every ten SSL certs aren'… Florian Weimer
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
- Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steffen Schulz
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
- Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Seth David Schoen
- Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
- Re: [TLS] Eleven out of every ten SSL certs aren'… =JeffH
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
- [TLS] TLS, PKI, and web security. Was: Eleven out… Marsh Ray
- Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Robert Relyea
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Bruno Harbulot
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Robert Relyea
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Yoav Nir
- Re: [TLS] TLS, PKI, Yoav Nir
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, Robert Relyea
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Steingruebl, Andy
- Re: [TLS] TLS, PKI, Kyle Hamilton
- Re: [TLS] TLS, PKI, Marsh Ray
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, Bruno Harbulot
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Ralph Holz
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Yoav Nir
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Nasko Oskov
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Martin Rex
- Re: [TLS] TLS, PKI, Peter Gutmann
- Re: [TLS] TLS, PKI, and web security. Was: Eleven… Kyle Hamilton