Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Marsh Ray <marsh@extendedsubset.com> Thu, 11 November 2010 20:34 UTC

Message-ID: <4CDC5364.7020804@extendedsubset.com>
Date: Thu, 11 Nov 2010 14:34:44 -0600
From: Marsh Ray <marsh@extendedsubset.com>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
References: <4CD83312.5060000@extendedsubset.com> <20101108202407.GO6536@oracle.com> <4CD86FC4.4070308@extendedsubset.com> <20101108221016.GT6536@oracle.com> <4CD8A811.1080801@extendedsubset.com> <20101109035040.GA6536@oracle.com> <4CD98A16.4070004@extendedsubset.com> <20101109181114.GE6536@oracle.com> <007d01cb81bf$548f3880$4001a8c0@gateway.2wire.net> <4CDC3332.7060402@extendedsubset.com> <20101111201404.GG6536@oracle.com>
In-Reply-To: <20101111201404.GG6536@oracle.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, tsvwg@ietf.org, tls@ietf.org

On 11/11/2010 02:14 PM, Nicolas Williams wrote:
> On Thu, Nov 11, 2010 at 12:17:22PM -0600, Marsh Ray wrote:
>> On 11/11/2010 10:41 AM, t.petch wrote:
>>>
>>> To return to (what I see as) the main purpose of the thread, I too
>>> think that StartTLS is a good, if not an excellent idea; I see no
>>> difference in the vulnerabilities (although my cryptanalysis is weak).
>>
>> Well, that's the thing. In theory there is no difference, in
>> practice however...
>
> FUD alert.

I suppose this conversation isn't going anywhere useful. I'll not burden 
the WG list(s) with it any longer.

Anyone who wants to, feel free to keep up the discussion with 'reply all'.

> You're not explaining why no one uses HTTP StartTLS.

Because my point was that it's not relevant to the discussion. But I 
seem to have just confused the issue by mentioning it at all.

> Without tracing every program you can't tell if the program is lying to
> you about anything, anything at all.  Your program could be trojaned and
> might be sharing your secret credentials with the bad guys.

Why stop there? There is a whole industry's worth of evidence that even 
professional programmers working in heavily peer-reviewed environments 
can't write substantial programs without backdoors, intentional or not. 
The CPU in your/my computer (or most any of the other chips) has 
undocumented opcodes. The chip designers send their stuff off to someone 
else to be manufactured, too. Still, I need to know if my email program 
is willing to send my password in plaintext.

I claim only that there is a difference between the way my web browser 
handles http/https over TCP ports 80/443, and the way my email program 
handles STARTTLS. It may, in fact, be entirely implementation issues 
that make the difference. But still something could be gained by the 
discussion.

- Marsh
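Added illustration, not part of Marsh's message and not the code of any real mail client: a small Python model of the check the message asks for, whether a mail program is willing to send the password in the clear. With https on port 443 the browser's decision is fixed by the URL scheme before any application bytes flow; with STARTTLS the same port carries both cleartext and TLS, so the outcome depends on a client-side policy, and a server (or a party on the path) that simply omits the STARTTLS capability from the EHLO reply exercises that policy. The server below is an in-memory stub with no sockets and no real TLS handshake; the hostnames, the user "alice" and the password are constructed for the example. `require_tls` is the hypothetical policy switch.

```python
import base64


class TlsNotOffered(Exception):
    """Raised by a strict client that will not authenticate without TLS."""


class StubSmtpServer:
    """Constructed in-memory SMTP submission server (no sockets, no real TLS).

    offers_starttls=False models a server without TLS, or a path attacker
    that has removed the STARTTLS line from the EHLO reply. Every line of
    the exchange is recorded with a flag saying whether it travelled inside
    TLS, which is what a passive observer of the wire would see.
    """

    def __init__(self, offers_starttls=True):
        self.offers_starttls = offers_starttls
        self.tls_active = False
        self.transcript = []  # (sender, line, inside_tls)

    def handle(self, line):
        self.transcript.append(("C", line, self.tls_active))
        verb = line.split(None, 1)[0].upper()
        if verb == "EHLO":
            reply = ["250-mail.example.test"]
            if self.offers_starttls and not self.tls_active:
                reply.append("250-STARTTLS")
            reply.append("250 AUTH PLAIN LOGIN")
        elif verb == "STARTTLS":
            if self.offers_starttls and not self.tls_active:
                reply = ["220 Ready to start TLS"]
            else:
                reply = ["454 TLS not available"]
        elif verb == "AUTH":
            reply = ["235 Authentication successful"]
        elif verb == "QUIT":
            reply = ["221 Bye"]
        else:
            reply = ["502 Command not implemented"]
        for r in reply:
            self.transcript.append(("S", r, self.tls_active))
        if verb == "STARTTLS" and reply[0].startswith("220"):
            # Stub: the 220 goes in the clear, everything after it is "in TLS".
            self.tls_active = True
        return reply


def auth_plain_token(username, password):
    """RFC 4616 AUTH PLAIN initial response: base64 of NUL user NUL password."""
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


def submit_credentials(server, username, password, require_tls):
    """Client side of EHLO / STARTTLS / EHLO / AUTH PLAIN / QUIT.

    require_tls=False is the opportunistic policy: use TLS if the server
    offers it, otherwise carry on in the clear. require_tls=True fails closed.
    Returns True if the credential token crossed the wire outside TLS.
    """
    ehlo = server.handle("EHLO client.example.test")
    offered = any(l[4:].strip().upper() == "STARTTLS" for l in ehlo)
    if offered and server.handle("STARTTLS")[0].startswith("220"):
        # A real client would wrap the socket in TLS here; RFC 3207 requires
        # discarding the pre-TLS EHLO state and issuing EHLO again.
        server.handle("EHLO client.example.test")
    elif require_tls:
        raise TlsNotOffered("no usable STARTTLS; refusing to send credentials")
    server.handle(f"AUTH PLAIN {auth_plain_token(username, password)}")
    server.handle("QUIT")
    return credential_visible_on_wire(server.transcript, username, password)


def credential_visible_on_wire(transcript, username, password):
    """True if the AUTH token appears on a client line sent outside TLS."""
    token = auth_plain_token(username, password)
    return any(who == "C" and not tls and token in line
               for who, line, tls in transcript)


def run_scenario(server_offers_starttls, require_tls):
    """'protected', 'leaked' or 'refused' for one server/policy combination."""
    server = StubSmtpServer(server_offers_starttls)
    try:
        leaked = submit_credentials(server, "alice", "s3cret", require_tls)
    except TlsNotOffered:
        return "refused"
    return "leaked" if leaked else "protected"


if __name__ == "__main__":
    for offers in (True, False):
        for strict in (False, True):
            print(f"server offers STARTTLS={offers!s:5} require_tls={strict!s:5}"
                  f" -> {run_scenario(offers, strict)}")
```

The four combinations are the whole point: when the server offers STARTTLS both policies end up protected, and the difference only shows when it does not. The opportunistic client then sends AUTH PLAIN in the clear (base64 is not encryption, the observer just decodes it), while the strict client stops before AUTH. Which of the two a given mail program implements is exactly the implementation question the message raises, and it has to be read from the program's configuration and behaviour, not from the fact that it "supports STARTTLS".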