Skip to Content [alt-c]

Comment

In reply to STARTTLS Considered Harmful

Reader Dave Cridland on 2014-10-18 at 20:04:

OK, so I think you're wrong, but where to start? Mostly, I think you've decided that you want to write Titus in a certain way, and since STARTTLS doesn't allow you to do this, therefore STARTTLS is bad.

So first off: Most protocols using STARTTLS involve relatively few client/server pairings. It's not clear whether STARTTLS would have been useful on the web - I suspect it would have been, but history didn't go that way - but the web does have the issue that there are a vast number of services to track. But an XMPP client (or an MUA) can, trivially, know which services offer TLS. STARTTLS allows clients to discover this trivially, without user interaction, and additionally allows this information to be cached. It's best to think of STARTTLS advertising as - like SASL mechanism advertising - a once-only, account-configuration thing. After that mental adjustment, you're really down the the counter-argument that it's an additional round-trip, and I can argue that one with you as well if you really want.

A key factor in the "different URI" debate is that I have no way of knowing whether https://www.google.co.uk/ is the same service as http://www.google.co.uk/ - the differing scheme actually imposes that a client must assume otherwise. On the other hand, STARTTLS protocols are effectively mandated to offer the same service (though many refuse access to non-protected sessions).

Finally, while SNI has helped, there are protocols which need application data to select the correct certificate to use.

I do agree that TLS is now the only interesting security layer, however - while GSSAPI still gives you good security, most people will want TLS.

It might help, though, to understand that there's lots of other things Titus can't do because of its nature. It can't handle outgoing sessions, it can't handle certificate selection outside SNI, it can't handle client authentication, it cannot let a server note an improper TLS shutdown, it prevents channel binding, and so on. Every one of these things is important.

Many of these things are impossible to implement if Titus is the dumb pass-through it currently is. I shall leave it as a trivial exercise to the reader to figure out an architecture that supports them - and incidentally support STARTTLS - without including a protocol parser.

Reply

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.