Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Nicolas Williams <> Thu, 11 November 2010 20:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 070B13A697E; Thu, 11 Nov 2010 12:14:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.174
X-Spam-Status: No, score=-6.174 tagged_above=-999 required=5 tests=[AWL=-0.176, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M5zyCnrT64GO; Thu, 11 Nov 2010 12:14:27 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 322843A6924; Thu, 11 Nov 2010 12:14:27 -0800 (PST)
Received: from ( []) by (Switch-3.4.2/Switch-3.4.2) with ESMTP id oABKEqbT003111 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 11 Nov 2010 20:14:53 GMT
Received: from ( []) by (Switch-3.4.2/Switch-3.4.1) with ESMTP id oABJQKA3026746; Thu, 11 Nov 2010 20:14:50 GMT
Received: from by with ESMTP id 771378881289506450; Thu, 11 Nov 2010 12:14:10 -0800
Received: from (/ by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 11 Nov 2010 12:14:09 -0800
Date: Thu, 11 Nov 2010 14:14:04 -0600
From: Nicolas Williams <>
To: Marsh Ray <>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)
Message-ID: <>
References: <> <> <> <> <> <> <> <> <007d01cb81bf$548f3880$> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.20 (2010-03-02)
X-Mailman-Approved-At: Fri, 12 Nov 2010 08:06:55 -0800
Cc: Paul Hoffman <>,,
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 11 Nov 2010 20:14:28 -0000

On Thu, Nov 11, 2010 at 12:17:22PM -0600, Marsh Ray wrote:
> On 11/11/2010 10:41 AM, t.petch wrote:
> >
> >To return to (what I see as) the main purpose of the thread, I too
> >think that StartTLS is a good, if not an excellent idea; I see no
> >difference in the vulnerabilities (although my cryptanalysis is weak).
> Well, that's the thing. In theory there is no difference, in
> practice however...

FUD alert.

> Look at HTTP/HTTPS as an example. It doesn't use STARTTLS to
> negotiate an optional security upgrade. Well there is an RFC for it
> but I've never heard of anyone using it, if that functionality is
> latent, no one is depending on it.

You're not explaining why no one uses HTTP StartTLS.  I assure you that
people use LDAP with StartTLS.  The specific reasons that led to one
being used and the other not are likely to be of interest, though I
can't say I have much insight into either.

> The first thing users learn about web security is to put the 's' on
> the end of HTTPS.

I think HTTP is a bit special.  HTTP/1.0 has resulted in a very high
number of round-trips to GET anything.  That Sucks.  More round-trips
(for StartTLS) would just suck more.  If HTTP/1.0 had had pipelining
from the get-go then the situation would be different, and then we could
say that HTTP + StartTLS is a fair thing to do when given an HTTPS URL.

> On the other hand, my email program gives me an option to use
> "STARTTLS". Even after I took packet captures of the connection
> process and observed it correctly negotiating the use of encryption,
> I still cannot tell if my email is vulnerable to a downgrade attack.

Without tracing every program you can't tell if the program is lying to
you about anything, anything at all.  Your program could be trojaned and
might be sharing your secret credentials with the bad guys.