Re: [TLS] The risk of misconfiguration
Watson Ladd <watsonbladd@gmail.com> Wed, 07 May 2014 01:08 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90DCD1A045F for <tls@ietfa.amsl.com>; Tue, 6 May 2014 18:08:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrgAXPc2MRVL for <tls@ietfa.amsl.com>; Tue, 6 May 2014 18:08:57 -0700 (PDT)
Received: from mail-yh0-x236.google.com (mail-yh0-x236.google.com [IPv6:2607:f8b0:4002:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id E46781A03F8 for <tls@ietf.org>; Tue, 6 May 2014 18:08:56 -0700 (PDT)
Received: by mail-yh0-f54.google.com with SMTP id i57so272947yha.13 for <tls@ietf.org>; Tue, 06 May 2014 18:08:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=jCt8/K0JFeKHpXOsrmJLWYprLTNIl79pPfu3SKmhv4I=; b=eBg0DwomjGx0wdBT9jvkjr40sq42/Kf3YIM2oMf0aFxp0WKu1EMeLpAvpCe3zSwC+V yTX9pNX3V3bbo5ZSsWM4OAwf7uz4LcB+8EzhsgyaiBNPFuy2c+yPGmMyHZfLYrbtp4Ky DbWqLhM1QagzMUxX9FONNRdkHz6foRFa0pjPA6fSP0ltgF5ATfUUZ6UAJ3itq8u4rQEx fhLxHOfA+xpjvx0JzI5MhGqaVUZpshYnhJ34PI/viJTRQIb4WmJiR7l0CqB0M9yvkELd lixHGOU/amFVWWPjRMzfgmuh2bMkC7vLpR0/tawzYXgVaqEKWF0bGiumEf49uyhChSrI J81g==
MIME-Version: 1.0
X-Received: by 10.236.137.8 with SMTP id x8mr61821389yhi.4.1399424932898; Tue, 06 May 2014 18:08:52 -0700 (PDT)
Received: by 10.170.63.197 with HTTP; Tue, 6 May 2014 18:08:52 -0700 (PDT)
In-Reply-To: <20140507002452.GH27883@mournblade.imrryr.org>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <53692FC2.1060009@akr.io> <20140506221344.GB27883@mournblade.imrryr.org> <536977E3.3000608@akr.io> <20140507002452.GH27883@mournblade.imrryr.org>
Date: Tue, 06 May 2014 18:08:52 -0700
Message-ID: <CACsn0ck5UtC9T1ktgAiWimWAxBPNoANfOEB8MOF9CfQLCMgSHw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xul6CP7xo_yR6yEYGrH80GLi5dg
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 01:08:59 -0000
On Tue, May 6, 2014 at 5:24 PM, Viktor Dukhovni <viktor1dane@dukhovni.org> wrote: > On Wed, May 07, 2014 at 01:01:39AM +0100, Alyssa Rowan wrote: > >> > The OpenSSL cipherlist is >> >> ...um. The word I'd use would be: hairy. >> >> In practice, unfortunately way too hairy for the average developer; >> whence passing the buck to the average end-user; whence the average >> end-user taking the cipherlist as copypasta from the first Google >> result they found that actually worked. >> >> We've all seen the end results. > > We must not confuse implementation user-interface issues with > protocol issues. The protocol supports many different use-cases. > Interfaces for cipher selection in implementations are not protocol > issues. The OpenSSL cipherlist interface is beginning to get some > attention. That issue belongs on openssl-dev@openssl.org, not > tls@ietf.org. Agreed, but it's an example of the hazard that insecure modes present. OpenSSL is not an outlier: with 100+ possible ciphersuites, with strange omissions and inclusions, and completely lacking information about which curve to use, designing a good configuration system to pick TLS ciphersuites is hard. PolarSSL takes the exact opposite tack, forcing users to subset a single preference order. It is entirely possible that legitimately desired ciphersuites cannot be chosen in PolarSSL: I know they cannot be reordered. No matter how the choice is presented to end-users or application developers, so long as it is possible to misconfigure TLS, it will be misconfigured. You can blame the end user or the programmer or the library writer all you want, but unless a library is willing to forgo supporting null ciphers, they will be used inadvertently. Why include something that should virtually never be used, when using it has bad consequences? We've recognized the need for guidance on how to use TLS, hence formation of UTA. We're punting on implementation, although I recently got an email about the C standards body wanting to standardize APIs for networks, which, if they included TLS with a sane API would be wonderful. But the complexity that OpenSSL reveals is real: there is no way to support all possible combinations of ciphersuites without something this nasty to pick between them. Sincerely, Watson Ladd > -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration James Cloos
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Andrei Popov
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Ralph Holz
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Fedor Brunner
- Re: [TLS] The risk of misconfiguration Nikos Mavrogiannopoulos
- Re: [TLS] The risk of misconfiguration Warren Kumari
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Salz, Rich
- Re: [TLS] The risk of misconfiguration Alyssa Rowan
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Watson Ladd
- Re: [TLS] The risk of misconfiguration Nico Williams
- Re: [TLS] Fingerprinting weaknesses (was: The ris… Nico Williams
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Yoav Nir
- Re: [TLS] The risk of misconfiguration Salz, Rich
- Re: [TLS] The risk of misconfiguration Martin Rex
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Martin Thomson
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] The risk of misconfiguration Manuel Pégourié-Gonnard
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Russ Housley
- Re: [TLS] The risk of misconfiguration Bill Frantz
- Re: [TLS] The risk of misconfiguration Michael D'Errico
- Re: [TLS] The risk of misconfiguration Daniel Kahn Gillmor
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration (Muphry's … Viktor Dukhovni
- Re: [TLS] The risk of misconfiguration Watson Ladd
- Re: [TLS] The risk of misconfiguration Stephen Farrell
- Re: [TLS] The risk of misconfiguration Viktor Dukhovni