Mandatory TLS == OpenSSL everywhere? !?! from Adrien de Croy on 2013-11-14 (ietf-http-wg@w3.org from October to December 2013)

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 14 Nov 2013 21:35:00 +0000
To: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <embf801bc3-8713-44a2-85a4-c93955790de1@bodybag>

Hi all

one of the things that has been troubling me about the mandatory TLS 
discussion, that I don't recall having seen discussed here is the issue 
of the implicit assumption that it's free or low-cost to include TLS 
into a product due to the availability of open source implementations.

I think that assumption needs looking into a bit further.

I'm going to go out on a limb here, and speculate, that if TLS were to 
become mandatory in HTTP/2 that the vast majority of implementers would 
choose OpenSSL for the TLS implementation.

That immediately raises a number of issues.

1. Homogeneity and therefore susceptibility to exploits having 
effectively global reach.
2. Maintainability of the source

A related issue is the complexity argument which I also haven't seen put 
here.

TLS is complex.  The crypto is complex.  Implementations of TLS with the 
cipher suites contain at least many hundreds of thousands of lines of 
code.  Most of it fairly impenetrable from what I've seen sorry to say.

Compared with an implementation of an HTTP stack, a TLS implementation 
completely dwarfs it for complexity and amount of code.   Since these 
things are not maintained by infallible aliens but us mere mortals, 
there will be bugs.

OpenSSL in my experience has had many troubles with vulnerabilities and 
stability.  And it's an enormous undertaking for someone to fathom the 
code to attempt any maintenance on it at all.

Does this mean, that if we made TLS mandatory, that effectively we would 
be placing the security of the web in the hands of the OpenSSL 
contributors.  I think it effectively does.

This is an EXTREMELY disturbing thought.   The security of the systems 
associated with maintenance and deployment of OpenSSL are not at a 
sufficient level to warrant this level of global reliance.  My own 
experience with OpenSSL has not been without serious problems, and in 
fact we've looked to ditch it many times and may still do.

I don't think it is realistic to expect that http agent (server or 
client) developers will put much effort at all into maintenance of the 
TLS library.  So maintenance will remain the domain of the few 
contributors.

Too many eggs in too few baskets.

Adrien

Received on Thursday, 14 November 2013 21:34:58 UTC