Re: [TLS] Security today

> (In a struggle to bring the thread back to tls-relevance...)

In my opinion, this is very relevant to TLS. TLS is being
mis-used so badly, that security is unnecessarily horrible.
TLS itself is not bad, but if (when) something bad happens,
it will be blamed for being insecure. You don't want that
to happen.

I think that it's become necessary for the TLS WG to put
together a document with hard numbers in it for key lengths,
relative strengths, expected lifetime for data protected by
those keys/lengths/algorithms. Of course the IETF doesn't
want to take on the liability associated with recommending
any particular algorithms/key lengths, but they can easily
recommend against those that are believed to be weak. There
is plenty of public information that can be referenced (from
multiple sources) to avoid taking on liability.

With this document out there, those who are afraid to do
anything better than what everybody else is doing (opening
themselves up to being fired if something goes wrong), will
be able to take some initiative to improve the situation.
And with this information out there, they won't be able to
simply say that they were just following the herd.

I don't consider myself expert enough to take on this task,
but I know that others on this list are expert enough.

> in theory you're supposed to look at the cert and its cps
> (which is referenced in a field in the cert in the payload
> in the TLS protocol...) and the ciphersuite selection and
> refuse to connect.

In theory, yes. But who ever looks at a CPS? I don't even
know how to get Firefox to show it to me, and no ordinary
user even knows that CPS's exist.

> In other words, the protocol supports you deciding to
> not interact with the server.

If there was a local Amazon.com bookstore in my neighborhood,
you can bet I would follow this advice.

Mike