


Father of SSL Talks Serious Security Turkey 74
coondoggie writes with an excerpt from a Network World article: "SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats the protocol itself. But despite the exploit ... and the failures of certificate authorities such as Comodo and DigiNotar that are supposed to authenticate users, the protocol has a lot of life left in it if properly upgraded as it becomes necessary, says Taher Elgamal, CTO of Axway and one of the creators of SSL."
Who needs SSL? (Score:2, Funny)
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
Re: (Score:1)
unless they find out you are hiding something!
Re: (Score:1)
Re: (Score:2)
that's the same combination as my luggage!
Re: (Score:3)
That's not very bright—assuming you're this card's owner, and the info is correct. This info will now come up on a cursory Google search, and if your credit provider learns that you wilfully published this info, they'll close your account because you've violated the cardholder agreement. The law that provides for reimbursement of unauthorized charges does not extend to people shouting their credit card info from the rooftops and expecting a bailout later.
Re: (Score:1)
All I have to do is claim that someone stole my info and anonymously posted it to this site. For all you know, I may not even be the same person that posted it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Actually, that's interesting. I don't have a CC*, and as far as I know there's nothing one can do with my IBAN; direct debits and such have to be authorized à priori with the bank.
Frankly, having only a single set of numbers that anyone can use to debit money from an account seems completely retarded to me. It's like giving your password instead of using OAuth, and bank accounts are still "somewhat" more important than Twitter's, one would think.
* actually, I have many; they're just virtual, have a sma
Re: (Score:2)
That kind of moronic system doesn't work with my bank - I have to explicitly set up the payment with the bank myself - but in any case the "Direct Debit Guarantee" means he can revoke the payment, no questions asked.
Re: (Score:1)
I don't have anything to hide!
I find it ironic that "Anonymous Coward" has nothing to hide
Re: (Score:1)
Spanish... very interesting ;-)
Re: (Score:1)
Re: (Score:2)
Didn't the social security administration tell him in no uncertain terms to stop posting his ssn publicly, due to the number of illegal aliens using it for job applications?
It does its job (Score:2)
I am more worried about my ISP packet sniffing my traffic than a black hat.
As long as the SSL is good enough to keep my ISP ignorant, it's good enough for me.
Re: (Score:2)
So your ISP gets a cert signed by random crappy browser-trusted cert authority (e.g., run by an intrusive government) for some domain(s) they are interested in monitoring traffic on, and due to the way SSL is implemented in browsers, you have no idea they are sniffing all your traffic to that site.
SSL is broken.
But coming up with something more secure that is still practical, that's hard. Not having certificates last indefinitely is a good thing (limits the amount of damage from an undetected theft) as is not forcing the use of the same CA every time. It's just that some CAs should never have been trusted in the first place and some clients are crap at checking whether a certificate is actually good. One isn't a protocol problem but instead a social one (and just requires a few companies to be crushed into paste t
Re: (Score:2)
First, to address your premise, we are in no position to criticize any protocol merely because some particular implementation of it has been installed with a predefined set of root certs that you don't like. Second, to address your conclusion, it does not logically follow from the premise. QED.
That's not to say that there can be no possible flaws in SSL, though this is a point that you don't address. Both design and implementation vulnerabilities have indeed been identified in
Re: (Score:2)
So tell me how does an access provider get a cert signed for a site/domain they don't host.
Isn't the exploit for an old version of TLS? (Score:2)
Are there no upgrades to TLS 1.0 available? I thought the issue was browsers and websites that hadn't upgraded.
Re: (Score:3)
IIS 7.5 (2008R2) and at least Windows 7 are required to support TLS 1.1 and 1.2.
In Linux Land:
Apache's mod_ssl does not support TLS 1.1 and 1.2, you need to use mod_gnutls, which is not default on many webservers.
Breaking news! (Score:2)
tl;dr: new trust model rumor (Score:3)
He hears rumors in Calif. of a new trust system to complement PKI. That's all he will say when the interviewer questions him repeatedly about a solution to the problem he goes on at length about: that browsers have PKI roots built in. I agree it's a terrible system, but asking the clueless user to select trusted roots would have its own problems, in, say, Iran. Or more precisely, clueless users in the US make it hard to deploy a system for careful users in Iran. The UI has to be both easy & difficult.
Re: (Score:1)
Re: (Score:2)
I think he's talking about Convergence, the CA replacement system proposed by Moxie Marlinspike
The problem is there has to be some way to take old server certificates out of use and replace them with new ones, and that mechanism has to be doable without any signature by either the old certificate or the old CA. Moreover, you can legitimately have multiple certificates for one domain. The upshot of that is that if you pop up a dialog each time you detect such a thing happening, you'll train users to click OK for all security problems, which is an astonishingly bad idea! The advantage of the current sy
With all these different browser versions... (Score:3, Interesting)
Why do none support TLS 1.1, firefox is releasing new versions of its browser on an insane schedule, IE is on version 9, chrome is moving along, yet no tls 1.1? Is there something I'm missing here?
Of all the useless features they've implemented in the past year, why not secure the browser? I remember when firefox was proud of its security.
Then again good luck replacing ssl, what are viable alternatives? Pointless discussion if there aren't any...
Also read carefully about BEAST, it's not a remote exploit, so you can't just click and choose the stream you want to sniff, it's a ways more complicated and requires a high level of trust on the compromised machine.
Re: (Score:3)
Then the other browsers need to update (Score:2)
The argument that most websites haven't been upgraded is insane. The website admins won't upgrade their servers until the browser community can support it.
If Opera is already doing it, they've shown it can be done. Failure to do the same with Firefox, Chrome, et al. is a sign of either laziness, incompetence, or extremely bad planning.
Stop farting around with 3D support and take care of the security fundamentals first!
Re: (Score:3)
Re: (Score:1)
As did you, what major browsers?
Look here
http://en.wikipedia.org/wiki/Opera_(web_browser)#Market_adoption
You calling opera a major browser and piggy backing off (#37683562) in regards to servers?
IE, Firefox, nor Chrome don't support it as stated above, a 10 second google search would yield something like...
http://www.google.com/support/forum/p/Chrome/thread?tid=0539619c98f85cbb&hl=en
It's always worked like... browser implements new feature, web devs and admins follow, if you ask me to turn on feature
Re: (Score:2)
As for which browsers implement what, the point is if all browser vendors act in a c
Re: (Score:1)
No transition has ever worked that way...
Downtime is not acceptable worldwide rofl.
Browsers would allow tls 1, 1.1, and 1.2 and then figure out what's supported or not by the server. Admins would recognize the hard lined benefits of 1.2 over 1.0 especially in shops that care about their security and set their servers to 1.2 only. In a few years, more and more people would adopt 1.2 until 1.0 can finally be phased out with a broadcast like message that you are implying.
Let me be clear though, unless there
Re: (Score:2)
And yes it can work assuming the major browser companies were united behind a single plan. Sites would have to change and the large majority would chan
Re: (Score:1)
Really?
I'd just tell my users not to upgrade and block the update via the ASA till I got off my ass, you realize I actually do this shit professionally don't you and it just doesn't work your way, never did, never will?
Never heard of sky TV, not a comparable scope though, tiny company vs the planet earth? Keep dreaming.
Pledging for automatic updates? (Score:3)
Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this. Microsoft revoked the DigiNotar certificate without issuing a real Windows update:
(http://technet.microsoft.com/en-us/security/advisory/2607712)
Re: (Score:1)
Re: (Score:1)
Single point of failure.
Re: (Score:1)
Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this
No it doesn't. What Microsoft does is disable certificates.
Taher Elgamal is talking about automatically patching/updating the SSL protocol itself, not just some certificate disabling. Nice idea, but no way that is going to happen in any serious environment. Just like with any other update, anyone taking his systems seriously will want to test this before deploying. Especially because this is about a communication protocol. Just imagine your VPN tunnels failing because the product on one end of the tunnel was
The solution is to throw out CAs (Score:2)
I used to be in favor of patching things with DNSSEC, until I thought about it. I didn't really think about it until I saw moxie's blackhat talk. I happened to see it live, but not at blackhat. It's great. I think it's also a bulletproof argument against the CAs and DNSSEC. The protocol itself can be fixed (the security attack), but the current CA system pretty much can't be in a way that would satisfy me after seeing the talk.
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
http://convergence.io/ (t
Re: (Score:2)
While I really like the concept, I'm not sure how well this will work in practise scale.
The thing I like least about it is that it caches known certs for as long as the cert is valid.
How do people revoke certs of compromised keys in that model ?
Re: (Score:2)
There are problems with this approach, but they're no worse than the CA-SSL model. In fact, they're quite a bit more survivable. And anyway, the idea is young. It will get better.
Regarding revocations. Do you really (honestly) subscribe to any revocation lists now? I've done this in the past, but I haven't done it for years and I care about this topic very much. The problem is the same with CA-SSL vs Convergence-SSL only with convergence you can sometimes detect the problem and with CA-SSL, you'll
Re: (Score:2)
No, revocation lists are usually huge, like 200MB+ so pretty much useless.
But you don't need a revocation list to revoke a certificate in any modern browser. It usually supports OCSP.
I believe browsers don't cache OCSP-responses longer than the browsing session (for as long as the browser is open) ?
So if you enable "When an OCSP server connection fails, treat the connection as invalid" you will be 'safe'.
Next time you start the browser OCSP is checked, thus if the certificate is revoked you would get a proper
Re: (Score:2)
You're probably right. I have no idea how OCSP actually works, just nebulous ideas about how it probably functions. I don't think it changes much with respect to my (er, moxie's) arguments though. Who really has this turned on anyway? How does it solve the trust problems inherent with the CA-SSL model?
Local caching is a personal decision and it's a setting even in the prototype. You can choose to cache, or not. You can choose your notaries, or use the defaults. You can also choose between simple
Re: (Score:2)
Forgot about that, you can turn off the cache. I don't currently use it, I was actually looking at the source on github. :-)
Anyway, I keep wondering how it will scale in general, like how would the general public who knows nothing about these settings and how it works or how to use it.
For example let's say you have many, many people using the same notary as a default in the browser, you could never ever turn it off.
Re: (Score:2)
Something else I'm thinking.
If this gets introduced to the general public.
The first thing that will happen immediately is that when you install your new Windows Anti-Virus software the vendor will implement their own and just add their notary to the list.
Let me guess the OEM will add its own notary as well ?
This all seems like a bad idea.
I don't know, maybe I'm just in a negative mood :-)
Re: (Score:2)
Right now there's only one notary... er, two ... But later, if this catches on at all, there'd be like 30 or a thousand... and your client would probably pick randomly the first time. And if one failed, you'd just skip that one and use another (depending on your settings of course). I can imagine a hundred ways around the scalability problems (in your browser anyway).
Actually, Moxie talks about what happens if some of your notaries are untrusted. Since the FBI or the credit card thief will never know
Re: (Score:2)
(Didn't really finish my thought: So if the OEM adds its own notary, you don't really lose anything as long as there's a couple others on the list too.)
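The notary behaviour discussed in this sub-thread (skip a notary that fails, tolerate one extra notary on the list, optional local cache), as an added sketch that is not part of any post here and is not Convergence's own code. The function name, the "majority" and "consensus" policy names, the notary names and the fingerprints are all assumptions made for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate the client was actually served."""
    return hashlib.sha256(cert_der).hexdigest()

def check_with_notaries(host, seen_fp, notaries, policy="majority", cache=None):
    """Return (accepted, reason).

    `notaries` maps a notary name to a callable that returns the fingerprint
    that notary observes for `host`, or raises OSError if it is unreachable.
    Hypothetical interface, not a real notary protocol.
    """
    # Local cache: a fingerprint already vouched for is accepted without a lookup.
    if cache is not None and cache.get(host) == seen_fp:
        return True, "cache hit"
    answers = {}
    for name, ask in notaries.items():
        try:
            answers[name] = ask(host)
        except OSError:
            continue  # failed notary: skip it and rely on the others
    if not answers:
        return False, "no notary reachable"
    agree = sum(1 for fp in answers.values() if fp == seen_fp)
    if policy == "consensus":
        ok = agree == len(answers)      # every responding notary must agree
    else:
        ok = agree * 2 > len(answers)   # strict majority of responding notaries
    if ok and cache is not None:
        cache[host] = seen_fp
    return ok, f"{agree}/{len(answers)} notaries agree"

# Constructed sample data: two honest notaries, one that is down, and one
# extra notary (for example vendor-added) that reports a different certificate.
REAL = fingerprint(b"constructed: genuine certificate bytes")
FAKE = fingerprint(b"constructed: substituted certificate bytes")

def down(host):
    raise OSError("notary unreachable")

HONEST = {"n1": lambda h: REAL, "n2": lambda h: REAL, "n3": down}
WITH_ROGUE = dict(HONEST, oem=lambda h: FAKE)

if __name__ == "__main__":
    print(check_with_notaries("example.test", FAKE, WITH_ROGUE))
    print(check_with_notaries("example.test", REAL, WITH_ROGUE))
    print(check_with_notaries("example.test", REAL, WITH_ROGUE, policy="consensus"))
```

Under the majority policy the single disagreeing notary can neither get the substituted certificate accepted nor block the genuine one; under the consensus policy it can block the genuine one, which is the availability cost of the stricter setting.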
Impossible to say? (Score:1)
Re: (Score:2)
Father of gobble Talks Serious gobble gobble
Posted by Unknown Lamer on Tuesday October 11, @03:27PM
from the trust-me-i-invented-a- gobble - gobble dept.
coondoggie writes:
with an excerpt from a gobble World article:
" gobble / gobble , the gobble that protects gobble of e- gobble , has taken a beating lately, with news items ranging from the gobble of gobble gobble s to the discovery of an gobble that beats the gobble itself. But despite the gobble ... and the failures of gobble gobble such as Gobble and Gobble that are supposed to gobble users, the gobble has a lot of life left in it if properly gobble ed as it becomes gobble , says Gobble Gobble , gobble of gobble and one of the creators of gobble .
Security Turkey? (Score:2)
Wasn't Canadian Thanksgiving yesterday?
BEAST, TLS 1.0 v. 1.1, CA model, security upgrades (Score:2)
Summarizing...
BEAST, TLS 1.0 v. 1.1
The BEAST attack is somewhat a concern for TLS 1.0, just how practical the attack is has yet to be seen. Requires malware on your system, so he says, which means you've already lost the game. Moving to TLS 1.1 would protect against BEAST, but is problematic because of lack of support.
CA System, upgrades