W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Mandatory TLS == OpenSSL everywhere? !?!

From: Tao Effect <contact@taoeffect.com>
Date: Thu, 14 Nov 2013 17:31:17 -0500
Cc: Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <4FBC2BEA-99C9-4556-8BF5-8B71AE4ABDE2@taoeffect.com>
To: Mike Belshe <mike@belshe.com>
Thanks Mike,

I only have a cursory knowledge of what libraries are used where, so I did some searching and found this nice page:

https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations

More searching brought up lots of results for NSS as being, possibly the second most popular choice? Although again, I have no idea and really would like to see up-to-date numbers.

> I think it might be in all the major browsers, is that correct?


Turns out that it's not correct, as some browsers (it seems) switched to NSS, and some maybe never used OpenSSL (again, not clear on this, would need to research it more).

Here's a list of popular apps that use NSS:

https://en.wikipedia.org/wiki/Network_Security_Services#Applications_that_use_NSS

Happy to see Chrome and Firefox there! ^_^

Also am happy to see that you can setup Apache to use mod_nss instead of mod_ssl.

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Nov 14, 2013, at 5:15 PM, Mike Belshe <mike@belshe.com> wrote:

> One of the things that the IETF does with all new standards is to build multiple, working implementations.  This was done as part of the TLS development as well as HTTP.
> 
> Rob T could comment further, but I don't believe the windows TLS stack has much (any?) OpenSSL in it.
> 
> It shouldn't be a surprise that there are fewer TLS implementations than HTTP implementations - complexity aside, HTTP is much larger than TLS today.  But, if HTTP uses it more, we should see that go up over time.
> 
> I disagree that we glossed over these issues.
> 
> Mike
> 
> 
> 
> On Thu, Nov 14, 2013 at 1:58 PM, Tao Effect <contact@taoeffect.com> wrote:
> Yeah... thanks for bringing that up.
> 
> The sad thing is that OpenSSL is already basically everywhere (from what I can tell).
> 
> I think it might be in all the major browsers, is that correct?
> 
> And it's in Apache (via mod_ssl), and most of the other servers that exist, is that correct too?
> 
> I'd like to see a pie chart of OpenSSL usage in the top used web servers and top used browsers. Anyone know of one?
> 
> Then there's the "OpenSSL is written by monkeys" problem:
> 
> http://www.peereboom.us/assl/assl/html/openssl.html
> 
> The situation appears to be that we're using a crypto library, written (allegedly) by monkeys, in C, and only a handful of people and/or monkeys have actually looked at the code.
> 
> Additionally, C, and just about all its variants, makes it remarkably easy to write insecure code (by accident), and easy to write malicious code that can sit right in the open and not be noticed those working with the code:
> 
> https://en.wikipedia.org/wiki/Underhanded_C_Contest
> 
> It's not a new problem though... it's been with us "since like forever." You've probably been pwn'd and haven't realized it. :-p
> 
> - Greg
> 
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> 
> On Nov 14, 2013, at 4:35 PM, Adrien de Croy <adrien@qbik.com> wrote:
> 
>> Hi all
>>  
>> one of the things that has been troubling me about the mandatory TLS discussion, that I don't recall having seen discussed here is the issue of the implicit assumption that it's free or low-cost to include TLS into a product due to the availability of open source implementations.
>>  
>> I think that assumption needs looking into a bit further.
>>  
>> I'm going to go out on a limb here, and speculate, that if TLS were to become mandatory in HTTP/2 that the vast majority of implementers would choose OpenSSL for the TLS implementation.
>>  
>> That immediately raises a number of issues.
>>  
>> 1. Homogeneity and therefore susceptibility to exploits having effectively global reach.
>> 2. Maintainability of the source
>>  
>> A related issue is the complexity argument which I also haven't seen put here.
>>  
>> TLS is complex.  The crypto is complex.  Implementations of TLS with the cipher suites contain at least many hundreds of thousands of lines of code.  Most of it fairly impenetrable from what I've seen sorry to say.
>>  
>> Compared with an implementation of an HTTP stack, a TLS implementation completely dwarfs it for complexity and amount of code.   Since these things are not maintained by infallible aliens but us mere mortals, there will be bugs.
>>  
>> OpenSSL in my experience has had many troubles with vulnerabilities and stability.  And it's an enormous undertaking for someone to fathom the code to attempt any maintenance on it at all.
>>  
>> Does this mean, that if we made TLS mandatory, that effectively we would be placing the security of the web in the hands of the OpenSSL contributors.  I think it effectively does. 
>>  
>> This is an EXTREMELY disturbing thought.   The security of the systems associated with maintenance and deployment of OpenSSL are not at a sufficient level to warrant this level of global reliance.  My own experience with OpenSSL has not been without serious problems, and in fact we've looked to ditch it many times and may still do.
>>  
>> I don't think it is realistic to expect that http agent (server or client) developers will put much effort at all into maintenance of the TLS library.  So maintenance will remain the domain of the few contributors.
>>  
>> Too many eggs in too few baskets. 
>>  
>> Adrien
> 
> 



Received on Thursday, 14 November 2013 22:31:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC