- From: Chris Newman <Chris.Newman@Sun.COM>
- Date: Fri, 15 Jun 2007 12:23:48 -0700
- To: Keith Moore <moore@cs.utk.edu>, "tom.petch" <cfinss@dial.pipex.com>
- Cc: Adrien de Croy <adrien@qbik.com>, Apps Discuss <discuss@apps.ietf.org>, ietf-http-wg@w3.org
Keith Moore wrote on 6/14/07 16:19 -0400:
>>> how exactly does sending TLS credentials involve ferreting around in the
>>> depths of a network stack?
>>>
>>
>> It doesn't:-) Those responsible for the creation and maintenance of security
>> credentials - which I see as the major ongoing work of security - prefer to
>> do at an application level, using appropriate databases, which are
>> somewhat removed from the lower layers in which TLS sits. So TLS has a
>> different set of credentials or none, which is the problem that channel
>> binding overcomes.
> maybe what I think of as "application level" is different than how you
> think of this term, but I've never heard of a client application that
> uses TLS where TLS wasn't being called by the application, and where the
> application wasn't in a position to supply credentials via TLS to the
> server.
>
> I'm not trying to be picky here. Rather I think there's probably an
> important principle here that needs to be teased out.
TLS software stacks are starting to ossify into both operating systems and
hardware devices. The TLS stacks are already hideously complex and I'm seeing
increasing resistance to change in both the providers and consumers of TLS
software. If you've ever looked closely at GSSAPI or the CMU SASL API, adding
a generic authentication API to a TLS software stack would _greatly_ increase
the API complexity. So much so that I'd personally choose to avoid using a TLS
software stack that included such complexity.
While I have no doubt that tightly coupling authentication and the security
layer produces a more secure system in theory, I'm also skeptical that such a
service can achieve all the requirements of both while having enough simplicity
to be sustainable/maintainable/secure in practice. SSL/TLS has been around for
years, is probably our most mature (and heavily used) security service beyond
plaintext passwords and we're still finding deployed security holes in the
software stacks.
The TLS channel bindings concept decouples the security layer software from the
authentication service software so they can evolve separately. I consider this
such an important architecture/design improvement that it more than outweighs
the slight impact on security from separating the two stacks (indeed as the
separated systems are each simpler, I expect it will improve security in
practice over a tightly-coupled design).
The major problems involved with the security layer are related to hardening of
cryptographic algorithms and I/O stack management. As it's a continuous
service it has to be rock solid. Issues with bad APIs, configuration
complexity and whatnot can largely be hidden by higher layers as long as the
cryptography and I/O handling are solid. The major problems with
authentication are centralized management and identity migration. Again and
again I've seen customers ignore more advanced authentication algorithms if
they fail to achieve the management/migration requirements. Although the
authentication algorithms may be cool to geeks like us, they are of secondary
importance in the real world. The primary skill sets needed to work on a
security layer vs. an authentication service are thus almost completely
disjoint. As a result I consider the architectural separation and channel
bindings concept absolutely critical to producing a workable replacement for
today's web-forms+passwords model. The management/migration/branding/usability
requirements are the non-negotiable ones, the actual authentication algorithm
used is irrelevant absent a solution to the primary requirements.
- Chris
Received on Friday, 15 June 2007 19:24:06 UTC