IETF Logo Mail Archive

[Uta] TLS BCP Review

Aaron Zauner <azet@azet.org> Mon, 21 July 2014 21:54 UTC

Return-Path: <azet@azet.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A5C51A006D for <uta@ietfa.amsl.com>; Mon, 21 Jul 2014 14:54:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_15=0.6, J_CHICKENPOX_16=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5O3NtNDdm2XF for <uta@ietfa.amsl.com>; Mon, 21 Jul 2014 14:54:16 -0700 (PDT)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35B201A006B for <uta@ietf.org>; Mon, 21 Jul 2014 14:54:16 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id bs8so4843960wib.8 for <uta@ietf.org>; Mon, 21 Jul 2014 14:54:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-type; bh=xWjnfxDqZwBye7HenFeEvLNItYtzu8hRQG4Nw+YU9lw=; b=h8GWDohz71e8sWz2QFvMCrOwibt330fVkXXHFkxmf2KdiMBrV3ZW3c4/pW2cnOjMy6 KltG8JnEbwPWyrr7kwrz+2SoSzNdHuuV3P3ta14IaCIAJLyNeZuZXsb+nrRYAApf3M1N aFcbQb4/DFM0SZ44266YLx/BvFgnBV2wExF6XeFuge/zXQhwjs8YUqMjtDAY8Ot7g6eW zjx0QFExzqoI3LnYGCJ64rYHTor8YdY4isz1DEzlicN46VzocavQSGPMHSlqZATh2yB/ DbwtSgWXb1VF7Av5BvPgUvxdIbyr4eq8qgrfwSt0S14CHcVMyVce/ru7EgwJCej1x+DE nv9w==
X-Gm-Message-State: ALoCoQm62RI9X/cboyhVW1y2bWk95TL7o0PN+1SmoscTMlGjLvVAK8p0zgtIxwbsj4C/D59EmZv6
X-Received: by 10.195.12.97 with SMTP id ep1mr26286029wjd.26.1405979654691; Mon, 21 Jul 2014 14:54:14 -0700 (PDT)
Received: from [10.0.0.132] (chello080108032135.14.11.univie.teleweb.at. [80.108.32.135]) by mx.google.com with ESMTPSA id fs3sm46311738wic.20.2014.07.21.14.54.12 for <uta@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 21 Jul 2014 14:54:13 -0700 (PDT)
Message-ID: <53CD8C01.4050808@azet.org>
Date: Mon, 21 Jul 2014 23:54:09 +0200
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: "uta@ietf.org" <uta@ietf.org>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig9A4C44AAE8C09721211ACDE3"
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/hNubdyyKQK1edlN4yG9-Ep84NAU
Subject: [Uta] TLS BCP Review
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jul 2014 21:54:17 -0000

Hi *,

I'm in the process of reviewing the BCP currently and do have a couple
of open questions and remarks before submitting a patch. Please excuse
me if some of them have already been asked before on the mailing list,
although I tried to go through most of the mails, I might have missed some.

   * the document on github seems to be out of sync with the document
     that is currently available on the IETF website.

   * I've found some typos, rhetorical flaws w.r.t phrasing throughout
     the document as well as missing information in reasoning parts. I
     would be willing to submit a patch and a related message
     explaining changes (if need be) to this list. is that acceptable?

   * the document effectively states in 1. that TLS 1.3 will obsolete
     this document. UTA should still give recommendations for legacy
     protocols that will be widely deployed on the internet. although
     faster than it used to be - TLS adoption is still very slow.

   * 3.1. states that SSLv2 has "serious security vulnerabilities"
     while this is true, it does not emphasize how broken SSLv2
     actually is. how about changing the wording to "considered to be
     insecure"?

   * as for the deployment of "3%", mentioned in 3.2. - previous
     posters have pointed to the scans by j.vehent and sslpulse/qualys.
     there's also a monthly scan being conducted by h.kario of
     redhat [0].

   * in 3.6 disabling compression is a SHOULD. with the issues currently
     raised by attacks this has to be a MUST in my opinion. and:

   * the document does not mention issues with compression in underlying
     applications when using TLS (e.g. BREACH for HTTP).

   * 4.2: once accepted (and everything looks this way) the draft by DKG
     will obsolete parts of this section [2].

   * currently the document provides for no reasoning as to why no ECDSA
     ciphersuites have been included. while I agree that they should be
     excluded, one should include a sentence or two on the matter. I'm
     not an expert with DSA/DSS so I can just refer to [1] and the
     sources mentioned therein.

   * the document currently does not mention any views for
     standardization bodies and implementors on key pinning (TACK,
     HTKP).

   * the document currently does not mention any views for
     standardization bodies and implementors on certificate
     transparency.

That's all for now, I'm pretty sure I'll come up with more.

Thanks for your time,
Aaron

Sources:
[0] - http://securitypitfalls.wordpress.com
[1] - http://blog.cr.yp.to/20140323-ecdsa.html
[2] - http://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe

v2.23.0 | Report a Bug | By Email