Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Marsh Ray <marsh@extendedsubset.com> Mon, 08 November 2010 17:27 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F68E3A695A; Mon, 8 Nov 2010 09:27:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2kiHMnQ6UwM5; Mon, 8 Nov 2010 09:27:30 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by core3.amsl.com (Postfix) with ESMTP id 9B0613A67E5; Mon, 8 Nov 2010 09:27:30 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1PFVVW-000NIW-VA; Mon, 08 Nov 2010 17:27:51 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id 1206F6019; Mon, 8 Nov 2010 17:27:47 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/sjdrSyusZb+qK0bRJjO+Hq1KQcM0D1dI=
Message-ID: <4CD83312.5060000@extendedsubset.com>
Date: Mon, 08 Nov 2010 11:27:46 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
References: <E1PFKZ3-0002jp-Bu@login01.fos.auckland.ac.nz> <p06240843c8fd6c508084@[130.129.55.1]>
In-Reply-To: <p06240843c8fd6c508084@[130.129.55.1]>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Tue, 09 Nov 2010 00:06:07 -0800
Cc: magnus.westerlund@ericsson.com, tsvwg@ietf.org, mike-list@pobox.com, tls@ietf.org, Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2010 17:27:32 -0000
On 11/08/2010 03:07 AM, Paul Hoffman wrote: > > "some security issues": See the long Security Considerations section > on RFC 3207. Hmmm, yes, the little matter of the downgrade attack. "Other than that, Mrs. Lincoln, how did you like the play?" :-P > "be complexer to implement than using two ports": See the state > machine described in section 4 and its subsections in RFC 3207. > That's much more complex than "OK, let's go". > > "thus less popular": Developers would like fewer code paths and more > failure states. It's a decision that ends up in the hands of the admin anyway. Admins are already maintaining the ACLs on their firewall. What are the advantages of running different versions of a protocol (having radically different security properties) on the same vs. different TCP ports? As I see it, running on different ports has some advantages: * Developers don't have to implement and test protocol support for some negotiation scheme. * Developers don't have to code support for configuration * Admins don't have to learn more configuration, site security doesn't depend as much on the perfection of sendmail.cf. * Admins can look at their firewall rules, use wireshark and telnet-level test tools to gain confidence that they have blocked off unencrypted traffic. * Passive network monitoring tools can't observe a STARTTLS handshakes and conclude that there is not still a vulnerability to downgrade. Testing tools which can prove the absence of a STARTTLS downgrade vulnerability are likely to be complex and not fully conclusive (perhaps it could even depend on complex mail delivery rules). Running on the same port has some advantages: * It saves a port number allocation. * It may be compatible with some existing firewall rules. I think a secure-only port number is the superior solution for many reasons. The ability to reliably block insecure connections based on looking only at the TCP/IP header is a powerful thing. > At 6:46 PM +1300 11/8/10, Peter Gutmann wrote: >> About a year after the initial STARTTLS spec was published, I and a >> few other security geeks did some informal surveys of mail being >> processed at a couple of large sites and found that STARTTLS, after >> a year, was securing more mail than all other email encryption >> protocols combined, and that was a decade ago. That's great. Did you test resistance to downgrade attacks? Should we only be concerned with passive eavesdropping? If so, then consider how much higher adoption could have been if the specs had endorsed anon-anon DH connections such that there was no need for admins to set up certificates for their mail servers before deploying encryption. >> So, what research or figures is the above claim, that STARTTLS is >> less popular than using port 465, based on? > > STARTTLS in POP and IMAP is much less popular than POP and IMAP on a > second port for TLS. FWIW, Mozilla Thunderbird seems to try STARTTLS first. But their scheme is hardly a gold standard: http://extendedsubset.com/?p=22 Security is obtained only when both endpoints refuse to exchange meaningful data (or engage in any forwardable authentication scheme) until a mutually authenticated and encrypted channel has been established. So IMHO, that should be the default configuration setting and the starting point for the discussion. From there we can negotiate downwards, but we should recognize that it's the game of "My data (and perhaps even my authentication credentials) hold little enough value that an attacker will probably not go to the trouble of an active attack. I hope." - Marsh
- Security concerns around co-locating TLS and non-… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Paul Hoffman
- Re: [TLS] Security concerns around co-locating TL… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: Security concerns around co-locating TLS and … Geoffrey Keating
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Matt DeMoss
- Re: [TLS] Security concerns around co-locating TL… Nico Williams
- Re: [TLS] Security concerns around co-locating TL… Chris Newman
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Joe Touch