User interface, security, and "simplicity"

Fri May 2 03:07:01 EDT 2008

Thor Lancelot Simon wrote:
> It's fashionable in some circles (including, it seems, this one) to bash
> IPsec (particularly IKE) and tout SSL VPNs (particularly OpenVPN) on what
> are basically user interface grounds.
> 
> I cannot help repeatedly noting that -- I believe more so than with actual
> IPsec deployments, whether with or without IKE -- OpenVPN deployments are
> often configured in hideously insecure ways.  This is no more the fault of
> OpenVPN's designers, of course, than the ghastly configuration interfaces
> imposed by many IKE impledmentations are the fault of IPsec's designers.

We are dropping on end users, sysadmins and nno crypto programmers 
decisions that seasoned cryptographers tend to screw up, and that end 
users and sysadmins are never going to comprehend.

The way programmers approach modularity and code locality tends to leave 
the end user outside the cryptographic boundary.  The cryptography 
module is very carefully made entirely independent of the user 
interface, merely sending up arcane errors from time to time.

Consider, for example, the recent cookie stealing security failure in 
Wordpress, fixed just a few days ago.  It seems that for a very long 
time, there was very straightforward, indeed in retrospect glaringly 
obvious, security hole that allowed anyone on the internet to take 
control of any host running Wordpress - which most hosts do run.  You 
can take control from Nigeria, you don't need to tap any lines.  Anyone 
anywhere in the world could have exercised any power over one's server 
that one's Wordpress application can exercise, which is usually near 
total power.

The defenders of SSL will quite correctly point out that the security 
hole had absolutely nothing to do with SSL.  The hole exists whether one 
uses SSL or not, and almost no one uses SSL with Wordpress.  And that 
was exactly the problem.  The writers of Wordpress, like the writers of 
every other application, had to handroll their own authentication, and 
of course fucked up.  SSL sessions are not user sessions, thus SSL 
authentication does not authenticate that user "admin" is the same 
entity (or even has the same  IP address) as the entity that correctly 
logged in as user admin, does not, cannot, attempt to provide such 
authentication, that being a higher layer issue - indeed, SSL 
authentication is pretty much irrelevant to authenticating anything that 
the attackers or defenders are likely to care about, which is why user 
admin on a Wordpress application does not use SSL.  SSL is so 
wonderfully localized that attackers just stroll around it.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com