[LINK] Ubiquitous encryption on the Internet backbone
stephen at melbpc.org.au
stephen at melbpc.org.au
Wed Dec 18 05:34:11 AEDT 2013
Mass Surveillance Prompts IETF Work on SSL Deployment Guidelines
By Lucian Constantin (IDG News Service)17 December, 2013
<http://www.arnnet.com.au/article/534453/mass_surveillance_prompts_ietf_wor
k_ssl_deployment_guidelines/>
A newly created working group within the Internet Engineering Task Force
(IETF) has set out to develop best practices for deploying SSL encryption
for Internet communications ..
IETF's new "Using TLS in Applications" (UTA) group became active last
Wednesday when its charter was approved.
<https://datatracker.ietf.org/doc/charter-ietf-uta/>
It will focus on issuing guidance on using TLS (Transport Layer Security),
the successor of SSL (Secure Sockets Layer), with several application
protocols: SMTP (Simple Mail Transfer Protocol) used for email transmission
across the Internet; POP (Post Office Protocol) and IMAP (Internet Message
Access Protocol) used by email clients to retrieve emails from servers;
XMPP (Extensible Messaging and Presence Protocol) used for instant
messaging; and HTTP (Hypertext Transfer Protocol) version 1.1, the
foundation of data communication on the World Wide Web.
This working group has its roots in the IETF "perpass" mainling list that
was created explicitly to coordinate ideas and discussions on pervasive
monitoring and surveillance, Leif Johansson, member of the board of
directors at Internet Exchange Point (IXP) operator Netnod and co-chair of
the new IETF UTA group, said via email.
IETF joined several other Internet infrastructure groups in October in
expressing strong concern over what they called "the undermining of the
trust and confidence of Internet users globally due to recent revelations
of pervasive monitoring and surveillance."
Mass Internet surveillance was the topic that received the most attention
at the 88th IETF Meeting in early November, according to IETF chair Jari
Arkko.
During that meeting's technical plenary, cryptography and security expert
Bruce Schneier, who had access to the cache of secret documents leaked by
former NSA contractor Edward Snowden, said that the goal of the technical
community should be to make eavesdropping expensive and force the NSA to
abandon wholesale collection of data in favor of targeted collection.
"Ubiquitous encryption on the Internet backbone will do an enormous amount
of good -- provide some real security and cover traffic for those who need
to use encryption," he said. "The more you can encrypt data as it flows on
the Internet, the better we'll do."
Later in November, the IETF working group responsible for developing the
next version of the HTTP protocol -- HTTP 2.0 -- said it's considering
making encryption a standard requirement for the protocol.
While this change would be a major improvement for the security of the Web,
HTTP 2.0 is at least a year away from becoming a standard and it will
probably take a long time for it to become widely adopted. In the meantime,
the newly established IETF UTA working group aims to encourage the adoption
of SSL/TLS encryption to secure existing Internet data transmissions.
The main problem right now is that most protocols that support TLS don't
get deployed with TLS or are deployed with weak ciphers enabled, Johansson
said. The new working group's goal is to provide clear and simple
operational guidelines that can inform actual real-world deployment of TLS
in actual real-world protocols, he said.
According to its charter, the group has the following tasks:
-- Update the definitions for using TLS over a set of representative
application protocols. This includes communication with proxies, between
servers, and between peers, where appropriate, in addition to client/server
communication.
-- Specify a set of best practices for TLS clients and servers, including
but not limited to recommended versions of TLS, using forward secrecy, and
one or more ciphersuites and extensions that are mandatory to implement.
-- Consider, and possibly define, a standard way for an application client
and server to use unauthenticated encryption through TLS when server and/or
client authentication cannot be achieved.
-- Create a document that helps application protocol developers use TLS in
future application definitions.
"The WG will make the fewest changes needed to achieve good interoperable
security for the applications using TLS," the group's charter says. "No
changes to TLS itself will be made in this WG, and the WG will ensure that
changes to current versions of popular TLS libraries will not be required
to conform to the WG's specifications."
The main problem with deploying SSL/TLS is that there are many things to
get wrong, from using configurations with insecure ciphers and
insufficiently strong private keys to using older versions of TLS libraries
that don't have all security patches.
"SSL/TLS is a deceptively simple technology," SSL experts from security
firm Qualys said in a document describing SSL/TLS deployment best
practices.
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
"SSL is easy to deploy, but it turns out that it is not easy to deploy
correctly. To ensure that SSL provides the necessary security, users must
put extra effort into properly conguring their servers."
In recent years, researchers demonstrated attacks against TLS
configurations that use the RC4 stream cipher or block ciphers operating in
cipher-block-chaining (CBC) mode, leaving ciphers that operate in
Galois/Counter Mode (GCM) as the secure alternatives. However, GCM ciphers
are only available in TLS 1.2 which is not widely deployed at the moment.
According to statistics from the SSL Pulse project, only around 22 percent
of the world's 161,000 most popular HTTPS (HTTP Secure) websites had
support for TLS 1.2 as of Dec. 2. On the client-side, only recent versions
of the most popular browsers support this version of the protocol.
https://www.trustworthyinternet.org/ssl-pulse/
"I believe there will be a lot of effort among large-scale deployers of
HTTPS to move to TLS 1.2," Johansson said.
Following reports about NSA's efforts to defeat encryption, security
experts believe that breaking 1024-bit SSL private keys is within the
agency's ability given its financial resources and access to powerful
computers.
Providers of popular Web services like Google, Facebook, Microsoft and
Twitter are already using SSL certificates with 2048-bit keys and the
Baseline Requirements for the Issuance and Management of Publicly-Trusted
Certificates, a set of guidelines published by the Certification
Authority/Browser (CAB) Forum, mandates that all newly issued SSL
certificates with a validity period ending after Dec. 31 should use 2048-
bit RSA keys.
However, cracking private keys using brute-force methods is not the only
way to subvert encryption. An intelligence agency like the NSA could simply
ask or coerce service providers to hand over their keys or they could break
into servers and steal them. This would allow the decryption of all
previously captured traffic.
To counter that, security experts recommend configuring SSL deployments to
use key exchange algorithms that support a feature called perfect forward
secrecy. The algorithms generate separate and temporary private keys for
each individual session, making it impossible to decrypt previously
captured traffic by obtaining a single key.
Such security considerations are just some of the factors that should guide
a strategy for deploying TLS. There are also differences between using TLS
with HTTP and using TLS with other application protocols, which can make
things even more confusing for application developers, server
administrators and other TLS implementers.
"The IETF at its best can bring together the best and the brightest and as
a chair I hope that efforts like the Qualys SSL Labs, the XMPP Manifesto
and others will join together to inform UTA," Johansson
said.
Message sent using MelbPC WebMail Server
More information about the Link
mailing list