Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Nicolas Williams <Nicolas.Williams@oracle.com> Tue, 09 November 2010 18:41 UTC

Return-Path: <Nicolas.Williams@oracle.com>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE0B93A693F; Tue, 9 Nov 2010 10:41:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.466
X-Spam-Level:
X-Spam-Status: No, score=-6.466 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRD119RkXApH; Tue, 9 Nov 2010 10:41:37 -0800 (PST)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id C286C3A68E4; Tue, 9 Nov 2010 10:41:37 -0800 (PST)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id oA9Ifvu4000763 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 9 Nov 2010 18:41:58 GMT
Received: from acsmt354.oracle.com (acsmt354.oracle.com [141.146.40.154]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id oA9AcxQf004709; Tue, 9 Nov 2010 18:41:49 GMT
Received: from abhmt015.oracle.com by acsmt354.oracle.com with ESMTP id 762078661289327569; Tue, 09 Nov 2010 10:32:49 -0800
Received: from oracle.com (/129.153.128.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 09 Nov 2010 10:32:49 -0800
Date: Tue, 9 Nov 2010 12:32:44 -0600
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: "Steingruebl, Andy" <asteingruebl@paypal-inc.com>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Message-ID: <20101109183244.GF6536@oracle.com>
References: <p06240843c8fd6c508084@[130.129.55.1]> <4CD83312.5060000@extendedsubset.com> <20101108202407.GO6536@oracle.com> <4CD86FC4.4070308@extendedsubset.com> <20101108221016.GT6536@oracle.com> <4CD8A811.1080801@extendedsubset.com> <20101109035040.GA6536@oracle.com> <4CD98A16.4070004@extendedsubset.com> <20101109181114.GE6536@oracle.com> <5EE049BA3C6538409BBE6F1760F328ABEB184BD40E@DEN-MEXMS-001.corp.ebay.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5EE049BA3C6538409BBE6F1760F328ABEB184BD40E@DEN-MEXMS-001.corp.ebay.com>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Mailman-Approved-At: Fri, 12 Nov 2010 08:06:55 -0800
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "tls@ietf.org" <tls@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, Marsh Ray <marsh@extendedsubset.com>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2010 18:41:40 -0000

On Tue, Nov 09, 2010 at 11:22:41AM -0700, Steingruebl, Andy wrote:
> > From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of
> > Nicolas Williams
> > 
> > Philosophy is fine, but the original poster proposed something concrete (that
> > we drop StartTLS and just always use raw TLS); we should have an answer to
> > that.  Mine is that the arguments against StartTLS are weak, and the
> > arguments for always using raw TLS are also weak.  I'm unconvinced by the
> > OP's and others' arguments against StartTLS.
> 
> Maybe I missed it but from a performance standpoint how do you solve
> the fast restart problem with StartTLS bootstrapping instead of
> implicit-TLS with a dedicated port?  Seems like for anything that is
> user-interactive (HTTP, etc) rather than async (SMTP) that the
> performance differences will be extreme. Yes?

First, I'm not proposing that we all start using StartTLS in HTTP.
HTTPS is here to stay.  IIRC the OP was talking about StartTLS in SMTP.

Second, I don't think "the performance differences will be extreme".
StartTLS implies one more round-trip.  That sucks, but for apps that
tend to maintain long-lived connections it's a wash.  For HTTP it's not
a wash, I agree.

> I think the downgrade attacks can both be solved with the
> oft-discussed generic "Strict Transport Security" work going on in
> multiple forums, and isn't dependent on which TLS bootstrap mode we
> choose, implicit, or StartTLS variety.

The downgrade problems are only solved by the client/user knowing that
fallback on not using TLS is not in their interest.  Note that forcing
TLS on all the time isn't a solution either unless at least servers are
authenticated by TLS all the time too (i.e., fallback on ADH is not good
either).  I think I've just agreed with what you wrote.

Nico
--