Fixing SSL (was Re: Dutch Transport Card Broken)

Eric Rescorla ekr at networkresonance.com
Wed Jan 30 12:03:27 EST 2008


At Wed, 30 Jan 2008 11:25:04 +0100,
Philipp Gühring wrote:
> 
> Hi,
> 
> > SSL key distribution and management is horribly broken,
> > with the result that everyone winds up using plaintext
> > when they should not.
> 
> Yes, sending client certificates in plaintext while claiming that SSL/TLS is 
> secure doesn't work in a world of phishing and identity theft anymore.

Huh? What are you claiming the problem with sending client certificates
in plaintext is (as if anyone uses client certificates anyway)? 
That the phisher gets to see the client's identity? So what?
It doesn't let them impersonate the client to anyone. Certificates
shouldn't contain sensitive information anyway.


> We have the paradox situation that I have to tell people that they should use 
> HTTPS with server-certificates and username+password inside the HTTPS 
> session, because that's more secure than client certificates ...

No it isn't more secure. 


> Does anyone have an idea how we can fix this flaw within SSL/TLS within a 
> reasonable timeframe, so that it can be implemented and shipped by the 
> vendors in this century?

This gets discussed on the TLS mailing list occasionally, but the
arguments for making this change aren't very convincing. If you have
an actual credible security argument you should post it to
tls at ietf.org.


> > We really do need to reinvent and replace SSL/TCP,
> > though doing it right is a hard problem that takes more
> > than morning coffee.
> 
> TCP could need some stronger integrity protection. 8 Bits of checksum isn't 
> enough in reality. (1 out of 256 broken packets gets injected into your TCP 
> stream)  Does IPv6 have a stronger TCP?

Whether this is true or not depends critically on the base rate
of errors in packets delivered to TCP by the IP layer, since
the rate of errors delivered to SSL is 1/256th of those delivered
to the TCP layer. Since link layer checksums are very common,
as a practical matter errored packets getting delivered to protocols
above TCP is quite rare.

-Ekr




---------------------------------------------------------------------
The Cryptography Mailing List