Re: [websec] HSTS: Infinite max-age to address NTP spoofing attack?

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 10 November 2014 19:49 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D886C1AC446 for <websec@ietfa.amsl.com>; Mon, 10 Nov 2014 11:49:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.949
X-Spam-Level:
X-Spam-Status: No, score=-94.949 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FH_HELO_EQ_D_D_D_D=1.597, HELO_DYNAMIC_IPADDR=1.951, HELO_EQ_DE=0.35, HELO_MISMATCH_DE=1.448, MANGLED_BACK=2.3, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8-3F4Kv2hMYY for <websec@ietfa.amsl.com>; Mon, 10 Nov 2014 11:49:17 -0800 (PST)
Received: from lvps5-35-241-16.dedicated.hosteurope.de (www.gondrom.org [5.35.241.16]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7EF71ACCED for <websec@ietf.org>; Mon, 10 Nov 2014 11:49:17 -0800 (PST)
Received: from [IPv6:2001:67c:1231:998:7833:95ce:d3be:dc35] (unknown [31.130.238.66]) by lvps5-35-241-16.dedicated.hosteurope.de (Postfix) with ESMTPSA id 7A5D362F8F; Mon, 10 Nov 2014 20:49:15 +0100 (CET)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=yJRzG1+wLPwHEW1cprteBUUN97l6VjBy4KiH+08ejnVqkGNPbHM4Hj8I3PLBIDnLOrLwwEl1FIjSG4c13fDAUga7E67WuvonkHBX9AgeLivqbUxks0js+plB/jrSTn9zUDEMLRcWzl/Fnet8Iny3lV04eGtUWzH8Kj5SshH88bE=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Message-ID: <546116B9.4030900@gondrom.org>
Date: Mon, 10 Nov 2014 09:49:13 -1000
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: jeff.hodges@paypal.com, hanno@hboeck.de, websec@ietf.org
References: <BAY180-W65945DCD6DB8531AB08F2BFF850@phx.gbl> <20141107161452.2b834f23@pc> <D08598BB.3EB64%jeff.hodges@paypal.com>
In-Reply-To: <D08598BB.3EB64%jeff.hodges@paypal.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/7u6SWSHWBwBO7LOZW55ALWQTcuA
Subject: Re: [websec] HSTS: Infinite max-age to address NTP spoofing attack?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 19:49:19 -0000

On 10/11/14 09:03, Hodges, Jeff wrote:
> On 11/7/14, 7:14 AM, "Hanno Böck" <hanno@hboeck.de>; wrote:
>
>> But I am pretty sure that no matter what, the underlying cause needs to
>> be fixed.
> Strongly agreed.
>
>> A reliable time plays a role in a number of cases in TLS.
>> HPKP is basically vulnerable to the same kind of attack. Certificate
>> validity times/expirations are vulnerable.
> Yes, there's a plethora of protocols that contain timestampes of one sort
> or another. Thus to some degree or another, they rely upo systems' time,
> and if that time is corrupted by an attacker then the system and its users
> may be in trouble.
>
> I don't think it's feasible, or in all or most cases a good design, to go
> back and 'patch' those protocols to try to guard against NTP-based attacks
> (as one example of how system time may be corrupted), rather, platforms
> should (as AGL noted in a earlier thread "NTP vs. HSTS" on [1]) "fix the
> clock" (I.e. Address NTP and other clock vulns).

<wg chair hat= off>
I agree with Jeff. It would better to aim fixing the clock issue (or the 
relying on fake clocks), than trying to give "infinite" to all kinds of 
protocol parameters.
Tobias

> =JeffH
>
> [1] W3C Web App Security WG <public-webappsec@w3.org>;
>      http://lists.w3.org/Archives/Public/public-webappsec/
>
>
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec