Re: secure tcp ports from Dennis Glatting on 1997-02-06 (ietf-tls@w3.org from January to March 1997)

From: Dennis Glatting <dennis.glatting@plaintalk.bellevue.wa.us>
Date: Thu, 6 Feb 97 13:03:33 -0800
To: billo@server.net
cc: ietf-tls@w3.org
Message-Id: <199702062103.NAA00796@imo.plaintalk.bellevue.wa.us>

> Guess I can't lurk forever...
>
> While it may be inelegant to simply double the number of ports
> for security, it probably won't actually cause any serious
> insurmountable problems in the future. An application-level
> protocol or scheme for negotiation up to SSL/TLS will forever
> cause compatibility and interoperability problems.
>
> Saying "it's easy" to come up with a universal scheme to allow
> this kind of negotiation is naive.  In reality, it's probably
> impossible.
>
> As applications warrant it, we should either decide to assign a
> separate port for secure communications, or come up with a
> single-port scheme if the original protocol makes it
> possible.
>
> I'd like to suggest that telnet be an application that should
> have a separate port.
>

TLS is little more than an encrypted tunnel. It does not address
other protocols such as UDP; authentication of the client is
optional; authorization is not addressed; and the primary
purpose for which SSL was developed -- secure web page access --
is subject to spoofing attacks [1] (consequently, so are the
other services such as telnet). Though vendors are
pontificating its virtues and proliferation (to their
profit), TLS only addresses a small class of the security
problems.

TLS requires a CA, unless one of the proposed shared key
mechanisms are adopted. There is not a global CA
infrastructure, more or less a US infrastructure. Worse, in
the US there is the real possibility of escrow. Associated with
most CAs is a financial transaction.  Though traditional use of
security (in particular, cryptography) has often been
labeled as "not for free", requiring investment in a CA or
purchase of a CERT gives the term new meaning.

Though I see great value in TLS and consider it a good protocol,
there are issues and I urge caution.


There are mechanisms to perform the secure negotiation of
capabilities even in the face of escrow: the originator signs
his capability list along with other information (such as a
replay token). Though I do not know the laws of all the world's
jurisdictions, to my knowledge the use of strong crypto for
authentication is universally permitted.


-dpg

[1] "Web Spoofing: An Internet Con Game", Edward W. Felten,
Dirk Balfanz, Drew Dean, and Dan S Wallach. Department of
Computer Science, Princeton University.

Received on Thursday, 6 February 1997 16:07:36 UTC