Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 08 November 2010 09:07 UTC

Mime-Version: 1.0
Message-Id: <p06240843c8fd6c508084@[130.129.55.1]>
In-Reply-To: <E1PFKZ3-0002jp-Bu@login01.fos.auckland.ac.nz>
References: <E1PFKZ3-0002jp-Bu@login01.fos.auckland.ac.nz>
Date: Mon, 08 Nov 2010 17:07:42 +0800
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, magnus.westerlund@ericsson.com, mike-list@pobox.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Content-Type: text/plain; charset="us-ascii"
Cc: tls@ietf.org, tsvwg@ietf.org

At 6:46 PM +1300 11/8/10, Peter Gutmann wrote:
>I kinda missed this in the original, but I can't let it go unchallenged:
>
>> My summary of that comment is that STARTTLS for SMTP (RFC 3207) has
>> shown to have some security issues, be more complex to implement than using
>> two ports and thus less popular.
>
>What is this claim based on?

"some security issues": See the long Security Considerations section on RFC 3207.

"be more complex to implement than using two ports": See the state machine described in section 4 and its subsections in RFC 3207. That's much more complex than "OK, let's go".

"thus less popular": Developers would like fewer code paths and more failure states.

> About a year after the initial STARTTLS spec was
>published, I and a few other security geeks did some informal surveys of mail
>being processed at a couple of large sites and found that STARTTLS, after a
>year, was securing more mail than all other email encryption protocols
>combined, and that was a decade ago. 

"more than a bunch of slacker protocols" is a pretty low bar.

>(And going back to Paul Hoffman's
>original post, as the author of the world's most successful email encryption
>RFC I don't think he has anything to apologise about).

We disagree. :-)

>So, what research or figures is the above claim, that STARTTLS is less popular
>than using port 465, based on?

I don't think that is what Magnus said, but he can speak for himself. STARTTLS in POP and IMAP is much less popular than POP and IMAP on a second port for TLS.

--Paul Hoffman, Director
--VPN Consortium
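The RFC 3207 section 4 state machine that the message above contrasts with "OK, let's go" on a dedicated port, modelled as an added example (not code from this thread, from RFC 3207, or from any real MTA). The TLS handshake is simulated by a method call, the hostnames and reply texts are constructed, and two reply choices are this model's own: 503 for a STARTTLS issued while TLS is already active (RFC 3207 forbids the client from sending it but does not specify the server's reply) and 503 for MAIL before EHLO. The client-side check implements the downgrade defence from the RFC's Security Considerations section, where an on-path attacker deletes the 250-STARTTLS line.

```python
"""Model of the server-side STARTTLS state machine from RFC 3207 section 4.

Added example, not code from the original message or from any MTA. The TLS
handshake itself is simulated by tls_handshake(); the point is the state a
STARTTLS server has to track and reset, compared with a dedicated TLS port
where the handshake happens before any SMTP command is read.
"""


class StartTlsServer:
    """One SMTP session. Reply strings are constructed, not copied from an MTA."""

    def __init__(self, tls_available=True):
        self.tls_available = tls_available
        self.tls_active = False
        self.greeted = False      # EHLO seen since the last reset
        self.ehlo_name = None     # client knowledge; discarded at the TLS boundary
        self.mail_from = None

    def handle(self, line):
        """Process one command line and return the reply text."""
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "EHLO":
            self.greeted, self.ehlo_name = True, arg
            lines = ["250-mx.example.test"]               # constructed hostname
            # RFC 3207 s.4: STARTTLS MUST NOT be advertised once TLS is active.
            if self.tls_available and not self.tls_active:
                lines.append("250-STARTTLS")
            lines.append("250 OK")
            return "\r\n".join(lines)
        if verb == "STARTTLS":
            # The three reply codes RFC 3207 s.4 defines for STARTTLS,
            # plus this model's 503 for a second STARTTLS (reply unspecified
            # by the RFC, which only forbids the client from sending it).
            if arg:
                return "501 Syntax error (no parameters allowed)"
            if self.tls_active:
                return "503 TLS already active"
            if not self.tls_available:
                return "454 TLS not available due to temporary reason"
            return "220 Ready to start TLS"
        if verb == "MAIL":
            if not self.greeted:          # this model insists on EHLO first
                return "503 Bad sequence of commands"
            self.mail_from = arg
            return "250 OK"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"

    def tls_handshake(self):
        """Called after the 220 reply once the (simulated) handshake succeeds.

        RFC 3207 s.4.2: the server MUST discard any knowledge obtained from
        the client, such as the EHLO argument, that did not come from the
        TLS negotiation itself. A real server should also drop any bytes
        buffered before the handshake (see the note after the code).
        """
        self.tls_active = True
        self.greeted = False
        self.ehlo_name = None
        self.mail_from = None


def client_should_proceed(ehlo_reply, require_tls):
    """Client-side check from RFC 3207 s.6: an on-path attacker can strip the
    250-STARTTLS line, so a client configured to require TLS must refuse to
    continue in clear text when the extension is missing."""
    offered = any(l.strip().upper() in ("250-STARTTLS", "250 STARTTLS")
                  for l in ehlo_reply.split("\r\n"))
    return offered or not require_tls


def starttls_session():
    """Commands a STARTTLS client sends to reach an encrypted MAIL FROM."""
    s = StartTlsServer()
    t = [("EHLO client.test", s.handle("EHLO client.test"))]
    t.append(("STARTTLS", s.handle("STARTTLS")))
    s.tls_handshake()                      # state reset; EHLO must be repeated
    t.append(("EHLO client.test", s.handle("EHLO client.test")))
    t.append(("MAIL FROM:<a@client.test>", s.handle("MAIL FROM:<a@client.test>")))
    return t


def implicit_tls_session():
    """Same goal on a dedicated TLS port: the handshake precedes all SMTP."""
    s = StartTlsServer()
    s.tls_handshake()
    return [("EHLO client.test", s.handle("EHLO client.test")),
            ("MAIL FROM:<a@client.test>", s.handle("MAIL FROM:<a@client.test>"))]
```

Running `starttls_session()` produces four commands and one mid-session reset where `implicit_tls_session()` needs two commands and no reset; that reset, and the rule that STARTTLS disappears from the second EHLO reply, is the extra code path the message is pointing at. The comment about dropping bytes buffered before the handshake is a practitioner's caveat that is not on this page or in RFC 3207: after this 2010 message, several implementations were found to execute commands a client had pipelined in clear text ahead of the handshake as if they were protected (the Postfix fix for this is CVE-2011-0411), which a dedicated TLS port cannot suffer from because no clear-text bytes are ever read.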