Skip to Content.
Sympa Menu

per-entity - Re: [Per-Entity] HTTPS transport and TLS trust

Subject: Per-Entity Metadata Working Group

List archive

Re: [Per-Entity] HTTPS transport and TLS trust


Chronological Thread 
  • From: David Walker <>
  • To: <>
  • Subject: Re: [Per-Entity] HTTPS transport and TLS trust
  • Date: Tue, 6 Sep 2016 14:24:07 -0700
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:sYBIzBbal/BIYUrZTR9gkMj/LSx+4OfEezUN459isYplN5qZpsW6bnLW6fgltlLVR4KTs6sC0LWG9f27EjVdqb+681k8M7V0HycfjssXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aNwvyLzV1J/j4X8v7x4Tyjrjqus6bXwId0CKwe/Z/Kgm3sRT5t88dho5nLaB3zQHG9ChmYeNTkE9hO1Of1yn14sS95tY3/ztZv/Es7eZBV7n3ZaI1UeYeATg7ZTNmrPb3vAXOGFPcrkAXVX8bx18RW1DI
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Stepping back a bit...

I don't see why we need to provide multiple ways for clients to verify the metadata, particularly since we consider one to be reasonably strong, and the other not so much.  We have no guarantee that a metadata client (per-entity or aggregate) is checking signatures, anyway.  Since there's a cost to https (in terms of latency), I would say don't support it.

However, it's my understanding that ADFS requires https, independent of security or trust.  If that's the case, I'd be tempted to tell people they can use either http or https, but that they'll get lower latency with http, and the authenticity of the metadata they get should be verified from the signatures it contains, not from the transport.

David


On 09/06/2016 01:52 PM, Cantor, Scott wrote:
Just for the background information, another concern was the server
security which is assumed in TLS.  I'm not suggesting md.incommon.org is
not secure but it was difficult to quantify and it was certainly less
secure than the signing operation.  Ops also wanted to reserve the
flexibility of hosting its stand-by servers in co-locations without
special requirements on its physical security.
Right, that's the fundamental difference.

Signing Pro:
- self-contained / portable security model
Con:
- subject to MITM threats

Transport Pro:
- end to end security
Con:
- highly dependent on physical deployment characteristics that are difficult to replicate widely

I wouldn't necessarily argue that both don't have their place, but we implement both and long experience has led us to believe that it's better to attack the MITM problem with signing somehow than give up the flexibility.

I think probably the best option is to sign, use TLS, but not go overboard trying to lock down the TLS part. That provides reasonable protection against low-cost active attacks without relying on it exclusively.

-- Scott


Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page