Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Bill Frantz <frantz@pwpconsult.com> Tue, 09 November 2010 00:57 UTC

Date: Mon, 08 Nov 2010 16:58:08 -0800
From: Bill Frantz <frantz@pwpconsult.com>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
To: Marsh Ray <marsh@extendedsubset.com>
In-Reply-To: <4CD83312.5060000@extendedsubset.com>
Message-ID: <r314ps-1064i-F1768EC0FD3A4F8AB751114850DB0BBD@Bill-Frantzs-MacBook-Pro.local>
Cc: tsvwg@ietf.org, tls@ietf.org

On 11/8/10 at 9:27 AM, marsh@extendedsubset.com (Marsh Ray) wrote:

>Should we only be concerned with passive eavesdropping? If so, 
>then consider how much higher adoption could have been if the 
>specs had endorsed anon-anon DH connections such that there was 
>no need for admins to set up certificates for their mail 
>servers before deploying encryption.

Don't underestimate the value of protection from passive 
eavesdropping. It buys you quite a bit in the mobile WiFi world, 
where trusting the network providers is not an unreasonable 
level of trust compared with trusting anyone who can hear your 
radio connection.

As an exercise for the student: Do you trust your network 
provider more than you trust our current version of PKI?

My answer might depend on how the three letter agencies active 
where my packets may flow fit into my threat model.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
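The threat-model split in the exchange above (anonymous DH is enough against a passive listener on the radio link, but an active party in the path needs authentication, which is what certificates or a pre-shared secret supply) is easy to make concrete. The following is an added example written for this archive page, not code from Bill Frantz, Marsh Ray or any IETF document. It uses only the Python standard library and the 1536-bit MODP group from RFC 3526 (group 5, generator 2); the participant names, the "network" modelled as what each side receives, and the HMAC-with-pre-shared-key authentication standing in for a certificate-based check are all assumptions made for the illustration.

```python
# Added example (not from the thread): anonymous Diffie-Hellman and what it
# does and does not protect against. Group: RFC 3526 1536-bit MODP, g = 2.
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def keypair():
    """Fresh ephemeral DH key: 256-bit private exponent, public value g^x mod p."""
    x = 1 + secrets.randbelow((1 << 256) - 1)
    return x, pow(G, x, P)


def derive_key(priv, peer_pub):
    """Hash the raw DH secret into a 32-byte key. The range check rejects the
    degenerate public values 0, 1 and p-1, which would force a predictable
    shared secret regardless of the private exponent."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("invalid DH public value")
    z = pow(peer_pub, priv, P)
    return hashlib.sha256(z.to_bytes(P_BYTES, "big")).digest()


def passive_eavesdropper():
    """Eve only records the radio link. Alice and Bob agree on a key; all Eve
    holds afterwards is the two public values, from which the key does not
    follow without solving a discrete log in this group."""
    a, A = keypair()
    b, B = keypair()
    k_alice = derive_key(a, B)
    k_bob = derive_key(b, A)
    return {"keys_agree": k_alice == k_bob, "eve_recorded": [A, B]}


def active_attacker():
    """Mallory sits in the path (the 'network provider' position) and swaps
    both public values for her own. Nothing in an anonymous exchange lets
    Alice or Bob notice: each now shares a key with Mallory, not each other."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()
    k_alice = derive_key(a, M)      # Alice believes M came from Bob
    k_bob = derive_key(b, M)        # Bob believes M came from Alice
    k_mallory_alice = derive_key(m, A)
    k_mallory_bob = derive_key(m, B)
    return {
        "alice_bob_agree": k_alice == k_bob,
        "mallory_reads_alice": k_mallory_alice == k_alice,
        "mallory_reads_bob": k_mallory_bob == k_bob,
    }


def authenticated_exchange(psk, attacked):
    """What authentication adds. Here a hypothetical pre-shared key stands in
    for the certificate the thread discusses: Bob MACs the public value he
    received together with his own, and Alice checks the MAC against what she
    sent and what she received. Mallory can swap values but not recompute the
    tag, so a swap on either leg fails verification."""
    a, A = keypair()
    b, B = keypair()
    _, M = keypair()
    a_received_by_bob = M if attacked else A
    tag = hmac.new(
        psk,
        a_received_by_bob.to_bytes(P_BYTES, "big") + B.to_bytes(P_BYTES, "big"),
        hashlib.sha256,
    ).digest()
    b_received_by_alice = M if attacked else B
    expected = hmac.new(
        psk,
        A.to_bytes(P_BYTES, "big") + b_received_by_alice.to_bytes(P_BYTES, "big"),
        hashlib.sha256,
    ).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    print("passive:", passive_eavesdropper()["keys_agree"])
    print("active :", active_attacker())
    print("auth ok:", authenticated_exchange(b"psk", attacked=False),
          "attack detected:", not authenticated_exchange(b"psk", attacked=True))
```

The two attacker functions are the whole argument in the thread in miniature: `passive_eavesdropper` is the WiFi case where anonymous DH already closes the hole, and `active_attacker` is the case where the question becomes whom you trust to vouch for the public value, the PKI or the network in the path.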