Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Marsh Ray <marsh@extendedsubset.com> Thu, 11 November 2010 18:16 UTC
Return-Path: <marsh@extendedsubset.com>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF7823A6892; Thu, 11 Nov 2010 10:16:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.382
X-Spam-Level:
X-Spam-Status: No, score=-2.382 tagged_above=-999 required=5 tests=[AWL=-0.383, BAYES_00=-2.599, J_CHICKENPOX_15=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JH706+ZB4v70; Thu, 11 Nov 2010 10:16:55 -0800 (PST)
Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by core3.amsl.com (Postfix) with ESMTP id 233123A67B2; Thu, 11 Nov 2010 10:16:55 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from <marsh@extendedsubset.com>) id 1PGbi9-000Dks-7s; Thu, 11 Nov 2010 18:17:25 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id CC5026019; Thu, 11 Nov 2010 18:17:22 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX1/EomebJKl2/2eFiyre6nbtKqe29f246V0=
Message-ID: <4CDC3332.7060402@extendedsubset.com>
Date: Thu, 11 Nov 2010 12:17:22 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10
MIME-Version: 1.0
To: "t.petch" <ietfc@btconnect.com>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
References: <E1PFKZ3-0002jp-Bu@login01.fos.auckland.ac.nz><p06240843c8fd6c508084@[130.129.55.1]><4CD83312.5060000@extendedsubset.com><20101108202407.GO6536@oracle.com><4CD86FC4.4070308@extendedsubset.com><20101108221016.GT6536@oracle.com><4CD8A811.1080801@extendedsubset.com><20101109035040.GA6536@oracle.com><4CD98A16.4070004@extendedsubset.com> <20101109181114.GE6536@oracle.com> <007d01cb81bf$548f3880$4001a8c0@gateway.2wire.net>
In-Reply-To: <007d01cb81bf$548f3880$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 12 Nov 2010 08:06:55 -0800
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, tls@ietf.org, tsvwg@ietf.org, Nicolas Williams <Nicolas.Williams@oracle.com>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2010 18:16:56 -0000
On 11/11/2010 10:41 AM, t.petch wrote: > > To return to (what I see as) the main purpose of the thread, I too > think that StartTLS is a good, if not an excellent idea; I see no > difference in the vulnerabilities (although my cryptanalysis is weak). Well, that's the thing. In theory there is no difference, in practice however... Look at HTTP/HTTPS as an example. It doesn't use STARTTLS to negotiate an optional security upgrade. Well there is an RFC for it but I've never heard of anyone using it, if that functionality is latent, no one is depending on it. The first thing users learn about web security is to put the 's' on the end of HTTPS. The first thing web developers/admins do when setting up a secure site is to bind it to port 443. They can set port 80 to redirect port 443. The web developer can easily test that this is working in his web browser. The web site publishes 'https:' links and the user bookmarks them. If the TLS isn't working, no data is transferred. The TLS isn't optional. (You might raise the point that most users don't know the difference, but consider all the programmatic SOAP/web service clients which do.) On the other hand, my email program gives me an option to use "STARTTLS". Even after I took packet captures of the connection process and observed it correctly negotiating the use of encryption, I still cannot tell if my email is vulnerable to a downgrade attack. The only way to find out is by performing exhaustive testing with an attack tool, or by direct inspection of the source code! There are certainly a lot of things we could say about HTTPS security, but I believe that in this case has something valuable which STARTTLS-based protocols typically do not. - Marsh
- Security concerns around co-locating TLS and non-… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Paul Hoffman
- Re: [TLS] Security concerns around co-locating TL… Magnus Westerlund
- Re: [TLS] Security concerns around co-locating TL… Michael D'Errico
- Re: Security concerns around co-locating TLS and … Geoffrey Keating
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Richard Hartmann
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Bill Frantz
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… t.petch
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Martin Rex
- Re: [TLS] Security concerns around co-locating TL… Nicolas Williams
- Re: [TLS] Security concerns around co-locating TL… Marsh Ray
- Re: [TLS] Security concerns around co-locating TL… Matt DeMoss
- Re: [TLS] Security concerns around co-locating TL… Nico Williams
- Re: [TLS] Security concerns around co-locating TL… Chris Newman
- Re: [TLS] Security concerns around co-locating TL… Yoav Nir
- Re: [TLS] Security concerns around co-locating TL… Joe Touch