W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Mandatory TLS == OpenSSL everywhere? !?!

From: Mike Belshe <mike@belshe.com>
Date: Thu, 14 Nov 2013 14:15:40 -0800
Message-ID: <CABaLYCtzbp1KJZUfN03RsSp9OP32z9fJ0cDg_byQrhCALb8VWg@mail.gmail.com>
To: Tao Effect <contact@taoeffect.com>
Cc: Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
One of the things that the IETF does with all new standards is to build
multiple, working implementations.  This was done as part of the TLS
development as well as HTTP.

Rob T could comment further, but I don't believe the windows TLS stack has
much (any?) OpenSSL in it.

It shouldn't be a surprise that there are fewer TLS implementations than
HTTP implementations - complexity aside, HTTP is much larger than TLS
today.  But, if HTTP uses it more, we should see that go up over time.

I disagree that we glossed over these issues.

Mike



On Thu, Nov 14, 2013 at 1:58 PM, Tao Effect <contact@taoeffect.com> wrote:

> Yeah... thanks for bringing that up.
>
> The sad thing is that OpenSSL is already basically everywhere (from what I
> can tell).
>
> I think it might be in all the major browsers, is that correct?
>
> And it's in Apache (via mod_ssl), and most of the other servers that
> exist, is that correct too?
>
> I'd like to see a pie chart of OpenSSL usage in the top used web servers
> and top used browsers. Anyone know of one?
>
> Then there's the "OpenSSL is written by monkeys" problem:
>
> http://www.peereboom.us/assl/assl/html/openssl.html
>
> The situation appears to be that we're using a crypto library, written
> (allegedly) by monkeys, in C, and only a handful of people and/or monkeys
> have actually looked at the code.
>
> Additionally, C, and just about all its variants, makes it remarkably easy
> to write insecure code (by accident), and easy to write malicious code that
> can sit right in the open and not be noticed those working with the code:
>
> https://en.wikipedia.org/wiki/Underhanded_C_Contest
>
> It's not a new problem though... it's been with us "since like forever."
> You've probably been pwn'd and haven't realized it. :-p
>
> - Greg
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
> On Nov 14, 2013, at 4:35 PM, Adrien de Croy <adrien@qbik.com> wrote:
>
> Hi all
>
> one of the things that has been troubling me about the mandatory TLS
> discussion, that I don't recall having seen discussed here is the issue of
> the implicit assumption that it's free or low-cost to include TLS into a
> product due to the availability of open source implementations.
>
> I think that assumption needs looking into a bit further.
>
> I'm going to go out on a limb here, and speculate, that if TLS were to
> become mandatory in HTTP/2 that the vast majority of implementers would
> choose OpenSSL for the TLS implementation.
>
> That immediately raises a number of issues.
>
> 1. Homogeneity and therefore susceptibility to exploits having effectively
> global reach.
> 2. Maintainability of the source
>
> A related issue is the complexity argument which I also haven't seen put
> here.
>
> TLS is complex.  The crypto is complex.  Implementations of TLS with the
> cipher suites contain at least many hundreds of thousands of lines of
> code.  Most of it fairly impenetrable from what I've seen sorry to say.
>
> Compared with an implementation of an HTTP stack, a TLS implementation
> completely dwarfs it for complexity and amount of code.   Since these
> things are not maintained by infallible aliens but us mere mortals, there
> will be bugs.
>
> OpenSSL in my experience has had many troubles with vulnerabilities and
> stability.  And it's an enormous undertaking for someone to fathom the code
> to attempt any maintenance on it at all.
>
> Does this mean, that if we made TLS mandatory, that effectively we would
> be placing the security of the web in the hands of the OpenSSL
> contributors.  I think it effectively does.
>
> This is an EXTREMELY disturbing thought.   The security of the systems
> associated with maintenance and deployment of OpenSSL are not at a
> sufficient level to warrant this level of global reliance.  My own
> experience with OpenSSL has not been without serious problems, and in fact
> we've looked to ditch it many times and may still do.
>
> I don't think it is realistic to expect that http agent (server or client)
> developers will put much effort at all into maintenance of the TLS
> library.  So maintenance will remain the domain of the few contributors.
>
> Too many eggs in too few baskets.
>
> Adrien
>
>
>
Received on Thursday, 14 November 2013 22:16:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC