W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Mandatory TLS == OpenSSL everywhere? !?!

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 14 Nov 2013 22:12:40 +0000
To: "Tao Effect" <contact@taoeffect.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <emc3bfa694-274c-4878-9d19-36cd622b116e@bodybag>

I think it is basically everywhere, but I think we're largely saved by 
not using it everywhere since I believe still most http is not using 
TLS.  IME with WinGate the more we use OpenSSL, the more troubles we 
have, hence the desire to use something else especially since we added 

But now we're talking about USING it everywhere.  That's an enormous 

Discussion about mandatory TLS has seemingly glossed over these sorts of 

------ Original Message ------
From: "Tao Effect" <contact@taoeffect.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 15/11/2013 10:58:49 a.m.
Subject: Re: Mandatory TLS == OpenSSL everywhere? !?!
>Yeah... thanks for bringing that up.
>The sad thing is that OpenSSL is already basically everywhere (from 
>what I can tell).
>I think it might be in all the major browsers, is that correct?
>And it's in Apache (via mod_ssl), and most of the other servers that 
>exist, is that correct too?
>I'd like to see a pie chart of OpenSSL usage in the top used web 
>servers and top used browsers. Anyone know of one?
>Then there's the "OpenSSL is written by monkeys" problem:
>The situation appears to be that we're using a crypto library, written 
>(allegedly) by monkeys, in C, and only a handful of people and/or 
>monkeys have actually looked at the code.
>Additionally, C, and just about all its variants, makes it remarkably 
>easy to write insecure code (by accident), and easy to write malicious 
>code that can sit right in the open and not be noticed those working 
>with the code:
>It's not a new problem though... it's been with us "since like 
>forever." You've probably been pwn'd and haven't realized it. :-p
>- Greg
>Please do not email me anything that you are not comfortable also 
>sharing with the NSA.
>On Nov 14, 2013, at 4:35 PM, Adrien de Croy <adrien@qbik.com> wrote:
>>Hi all
>>one of the things that has been troubling me about the mandatory TLS 
>>discussion, that I don't recall having seen discussed here is the 
>>issue of the implicit assumption that it's free or low-cost to include 
>>TLS into a product due to the availability of open source 
>>I think that assumption needs looking into a bit further.
>>I'm going to go out on a limb here, and speculate, that if TLS were to 
>>become mandatory in HTTP/2 that the vast majority of implementers 
>>would choose OpenSSL for the TLS implementation.
>>That immediately raises a number of issues.
>>1. Homogeneity and therefore susceptibility to exploits having 
>>effectively global reach.
>>2. Maintainability of the source
>>A related issue is the complexity argument which I also haven't seen 
>>put here.
>>TLS is complex.  The crypto is complex.  Implementations of TLS with 
>>the cipher suites contain at least many hundreds of thousands of lines 
>>of code.  Most of it fairly impenetrable from what I've seen sorry to 
>>Compared with an implementation of an HTTP stack, a TLS implementation 
>>completely dwarfs it for complexity and amount of code.   Since these 
>>things are not maintained by infallible aliens but us mere mortals, 
>>there will be bugs.
>>OpenSSL in my experience has had many troubles with vulnerabilities 
>>and stability.  And it's an enormous undertaking for someone to fathom 
>>the code to attempt any maintenance on it at all.
>>Does this mean, that if we made TLS mandatory, that effectively we 
>>would be placing the security of the web in the hands of the OpenSSL 
>>contributors.  I think it effectively does.
>>This is an EXTREMELY disturbing thought.   The security of the systems 
>>associated with maintenance and deployment of OpenSSL are not at a 
>>sufficient level to warrant this level of global reliance.  My own 
>>experience with OpenSSL has not been without serious problems, and in 
>>fact we've looked to ditch it many times and may still do.
>>I don't think it is realistic to expect that http agent (server or 
>>client) developers will put much effort at all into maintenance of the 
>>TLS library.  So maintenance will remain the domain of the few 
>>Too many eggs in too few baskets.
Received on Thursday, 14 November 2013 22:12:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC