
Re: Not sure if this is the right place for this

2004-05-11 14:13:02

On 5/10/2004 3:02 AM, RL 'Bob' Morgan wrote:

So a "secure ports only" policy has very little to do with security and
very much to do with organizational power relationships, and making
your computing environment dysfunctional.

Somebody check my math on this please, but it seems to me that the whole
STARTTLS approach is susceptible to a specific attack which the secure
socket model is not.

Your "math" is incorrect in that both STARTTLS and the separate port approach
are vulnerable to this attack. In the separate port case an attacker has only
to block the separate port completely, forcing a fallback to the regular port.
(Not providing fallback in such cases is rarely a viable option.) It is also
possible to interfere with the TLS negotiation itself, causing negotiation of
unacceptably weak security.

All of these attacks can be thwarted by requiring (on either the client or
server or both) a certain level of security. We've been providing the necessary
knobs to enforce this for quite a few years now; I'm fairly sure other vendors
have similar knobs.

Unless that's wrong for some reason, I'd say that a "secure ports policy"
actually is more secure.

It isn't. See above.

                                Ned
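Added example, not from the thread or any vendor's code: a Python sketch of the client-side "knob" Ned describes, a fail-closed policy that refuses plaintext whether the separate TLS port is blocked or STARTTLS is stripped from the EHLO response, and rejects a handshake negotiated below a floor. The names (SecurityPolicy, choose_transport, the EHLO responses) are assumptions of this example; the Negotiated record stands in for what ssl.SSLSocket.version() and cipher() would report.

```python
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityPolicy:
    """The client-side 'knob': minimum acceptable security for a session."""
    require_tls: bool = True
    min_tls_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2
    min_cipher_bits: int = 128


@dataclass(frozen=True)
class Negotiated:
    """Hypothetical record of what the TLS handshake actually produced."""
    version: ssl.TLSVersion
    cipher_bits: int


class DowngradeRefused(Exception):
    """Raised instead of silently falling back to weaker security."""


def parse_ehlo(lines):
    """Collect the keywords a server advertises in its EHLO response."""
    return {line[4:].split()[0].upper()
            for line in lines if line.startswith("250") and line[4:].strip()}


def choose_transport(tls_port_reachable, ehlo_lines, policy):
    """Pick a transport without ever dropping below the policy floor.

    Blocking the separate TLS port forces the STARTTLS path; stripping
    STARTTLS from EHLO would force plaintext. With require_tls set, the
    second case ends in DowngradeRefused, not an unprotected session.
    """
    if tls_port_reachable:
        return "implicit-tls"
    if "STARTTLS" in parse_ehlo(ehlo_lines):
        return "starttls"
    if policy.require_tls:
        raise DowngradeRefused("no TLS available; refusing plaintext fallback")
    return "plaintext"


def check_negotiated(neg, policy):
    """Reject a handshake that was steered to unacceptably weak parameters."""
    if neg.version < policy.min_tls_version:
        raise DowngradeRefused(f"{neg.version.name} is below the policy minimum")
    if neg.cipher_bits < policy.min_cipher_bits:
        raise DowngradeRefused(f"{neg.cipher_bits}-bit cipher is below the policy minimum")
    return True


# Constructed sample data: a normal EHLO, one with STARTTLS stripped, two handshakes.
EHLO_NORMAL = ["250-mail.example.test", "250-STARTTLS", "250-AUTH PLAIN", "250 8BITMIME"]
EHLO_STRIPPED = ["250-mail.example.test", "250-AUTH PLAIN", "250 8BITMIME"]
GOOD_HANDSHAKE = Negotiated(ssl.TLSVersion.TLSv1_3, 256)
WEAK_HANDSHAKE = Negotiated(ssl.TLSVersion.TLSv1, 56)
```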

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf