- From: Tao Effect <contact@taoeffect.com>
- Date: Thu, 14 Nov 2013 16:58:49 -0500
- To: Adrien de Croy <adrien@qbik.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-Id: <80E575D7-7C72-4DBE-875C-A24960CD3C6E@taoeffect.com>
Yeah... thanks for bringing that up. The sad thing is that OpenSSL is already basically everywhere (from what I can tell). I think it might be in all the major browsers, is that correct? And it's in Apache (via mod_ssl), and most of the other servers that exist, is that correct too? I'd like to see a pie chart of OpenSSL usage in the top used web servers and top used browsers. Anyone know of one? Then there's the "OpenSSL is written by monkeys" problem: http://www.peereboom.us/assl/assl/html/openssl.html The situation appears to be that we're using a crypto library, written (allegedly) by monkeys, in C, and only a handful of people and/or monkeys have actually looked at the code. Additionally, C, and just about all its variants, makes it remarkably easy to write insecure code (by accident), and easy to write malicious code that can sit right in the open and not be noticed those working with the code: https://en.wikipedia.org/wiki/Underhanded_C_Contest It's not a new problem though... it's been with us "since like forever." You've probably been pwn'd and haven't realized it. :-p - Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Nov 14, 2013, at 4:35 PM, Adrien de Croy <adrien@qbik.com> wrote: > Hi all > > one of the things that has been troubling me about the mandatory TLS discussion, that I don't recall having seen discussed here is the issue of the implicit assumption that it's free or low-cost to include TLS into a product due to the availability of open source implementations. > > I think that assumption needs looking into a bit further. > > I'm going to go out on a limb here, and speculate, that if TLS were to become mandatory in HTTP/2 that the vast majority of implementers would choose OpenSSL for the TLS implementation. > > That immediately raises a number of issues. > > 1. Homogeneity and therefore susceptibility to exploits having effectively global reach. > 2. Maintainability of the source > > A related issue is the complexity argument which I also haven't seen put here. > > TLS is complex. The crypto is complex. Implementations of TLS with the cipher suites contain at least many hundreds of thousands of lines of code. Most of it fairly impenetrable from what I've seen sorry to say. > > Compared with an implementation of an HTTP stack, a TLS implementation completely dwarfs it for complexity and amount of code. Since these things are not maintained by infallible aliens but us mere mortals, there will be bugs. > > OpenSSL in my experience has had many troubles with vulnerabilities and stability. And it's an enormous undertaking for someone to fathom the code to attempt any maintenance on it at all. > > Does this mean, that if we made TLS mandatory, that effectively we would be placing the security of the web in the hands of the OpenSSL contributors. I think it effectively does. > > This is an EXTREMELY disturbing thought. The security of the systems associated with maintenance and deployment of OpenSSL are not at a sufficient level to warrant this level of global reliance. My own experience with OpenSSL has not been without serious problems, and in fact we've looked to ditch it many times and may still do. > > I don't think it is realistic to expect that http agent (server or client) developers will put much effort at all into maintenance of the TLS library. So maintenance will remain the domain of the few contributors. > > Too many eggs in too few baskets. > > Adrien
Received on Thursday, 14 November 2013 21:59:18 UTC