IETF Logo Mail Archive

Re: [Uta] ALPN recommendations in draft-ietf-uta-rfc7525bis-01

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 01 August 2021 18:58 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F863A00E0 for <uta@ietfa.amsl.com>; Sun, 1 Aug 2021 11:58:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KutCMNo7G6Mf for <uta@ietfa.amsl.com>; Sun, 1 Aug 2021 11:58:14 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AAA33A00DE for <uta@ietf.org>; Sun, 1 Aug 2021 11:58:14 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id r18so17850921iot.4 for <uta@ietf.org>; Sun, 01 Aug 2021 11:58:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version:content-transfer-encoding; bh=ZlpAp5y5WmC5krEHxAGvp+sBasSh/ryoBaGWmvEhJ0Q=; b=Y+LEJAC8ucNhpzOm4ybxMRgVl3DHahCRLjUvdImFs9kJqKODkxYnft2rm4HbHI2tp3 a9ZE6d2eCHR5EoDThl7kjSH2T7HCiZSkn0jjZod2Bytzlg9aCvsN7sV2vJElCJOO1ZGc qib6fDZ5hZVgTthik8i1fq0vDJPaKybm/oDS/pGeQ89jyQd1aCKk0SjF9NOLXfgigpAq x27cDAXBIcsWnNSZAo3A/pyJKwJeZyV6MfddDWP9/x8kErx8GF+AFQfuMeT7edeD31Ay rikMAhSfacGRThe3ln+aJLvt14xenms5I36fJSnr9hRly9bnyEDbYeiRq/EvenEMIpmB 88VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=ZlpAp5y5WmC5krEHxAGvp+sBasSh/ryoBaGWmvEhJ0Q=; b=N9tUNJGWRX+58HNN3HNVwviTpEIaVptJbTe42+i1dJjaxx8Stnx6V4pV7Elp3PsDYM yCZIfPJQ2kPN9wbkojgZNmG+miNBY8+uOZOiz9EbLtPcfARawFD5nJwIlvAlp3NEzxW2 /I17GpI1iXsE+6scmBx/DFR93H0mq12CoDz7Hkcda3MjYywdH0Uw7gQecocKq88Tkce0 rtzfmAoQUUhMZYZNQ2zG452aD+xH13D9BH8+S909amwFhrocfMCkaqq8tKKlbUcoGOJY sMG76Tk+Pri10AHVRBk8u22YFsAqvlsK02ARZkHQM5p0DpkBN+RgsviZc4ja67DnakZK 4x4w==
X-Gm-Message-State: AOAM532f2yx6CSzGTZUF14jJyKG3no2RKeuX353VLykc0nfdtiGo8LbN rPYHpem2tlrRS4rROmd9KaQ=
X-Google-Smtp-Source: ABdhPJwS7xBs8J9IC2qX3fie+A7wQvtZ54aV/07/rZdHDFptO5nKDBTNkyBgzkzUizjoXcNsDw+Zzw==
X-Received: by 2002:a05:6638:114:: with SMTP id x20mr11050313jao.118.1627844292972; Sun, 01 Aug 2021 11:58:12 -0700 (PDT)
Received: from [192.168.68.110] (bzq-79-181-28-50.red.bezeqint.net. [79.181.28.50]) by smtp.gmail.com with ESMTPSA id h6sm4502267ilo.0.2021.08.01.11.58.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Aug 2021 11:58:12 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.51.21071101
Date: Sun, 01 Aug 2021 21:58:08 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: John R Levine <johnl@taugh.com>, uta@ietf.org
Message-ID: <CC8C60E3-B6E1-43BC-BF5B-36E76548FEF0@gmail.com>
Thread-Topic: [Uta] ALPN recommendations in draft-ietf-uta-rfc7525bis-01
References: <b7abf0eb-0ba9-4ab9-90df-910a3391a830@beta.fastmail.com> <20210801005846.190B82568BF1@ary.qy> <48B82EAB-D059-4C81-B14D-8D1D10EBB78B@gmail.com> <a12f7ad1-61c8-a6ef-da91-77c86766822c@taugh.com>
In-Reply-To: <a12f7ad1-61c8-a6ef-da91-77c86766822c@taugh.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/SMS5RVYchcS_quswvCGKW6F1Zmo>
Subject: Re: [Uta] ALPN recommendations in draft-ietf-uta-rfc7525bis-01
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2021 18:58:20 -0000

On 8/1/21, 20:27, "John R Levine" <johnl@taugh.com> wrote:

    > This is one way to frame the problem. Another is that TLS is (1) 
    > typically only authenticated on the server side and (2) not 
    > cryptographically bound to the IP or port, the combination resulting in 
    > potential cross-protocol attacks. We as a community (inclusive of all 
    > protocols) are trying to mitigate this issue with whatever tools we 
    > have.

    Noting that as far as I can tell 100% of the targets of ALPACA attacks are 
    web browsers, this is a somewhat strained version of community.  I suppose 
    it possible someone might concoct an attack on a mail or FTP server but 
    since they don't execute the stuff they receive, it'd be a whole lot 
    harder.

YS: some of the attacks do not depend on the client executing JavaScript, but rather on the use of cookies (bearer tokens) which can be intercepted/logged/uploaded on the server side. I don't know of bearer tokens being used in SMTP, but it doesn't look like an HTTP-only notion.

    > Unfortunately I don't think your HTTP-only proposal can work, because in order to "expect" ALPN coming back from the server, a client would need to keep a long-term cache of ALPN-friendly servers. This is much more logic than just checking a received ALPN, either in HTTP or SMTP - which, as far as I can tell, is mostly done inside the TLS library.

    Sure it can, you treat any responses from a server without an http ALPN 
    with great scepticism.  I realize this will be hard on the long tail of 
    web servers, but it does give them an incentive to upgrade, like it did 
    when we stopped accepting SSLv3.

YS: I don't know how to implement "great scepticism"... Specifically, if you have a human in front of a web browser maybe you could use UI indicators, but what do you do if the client is a script calling a REST API?

    To put it another way, why is the solution for every non-web server to 
    upgrade, rather than for every web server to upgrade?  I'm not opposed to 
    adding ALPNs to other servers when we do routine upgrades, but "you 
    urgently have to solve our problem" is not a compelling arguent.

YS: Agreed. My own expectation is that the TLS BCP (like other non-urgent security upgrades) will be applied during routine upgrades. Compare enterprise-wide SHA-1-to-SHA-256 migration projects.

v2.23.0 | Report a Bug | By Email