On 02/14/2010 07:28 PM, Daniel Veditz:
To solve the problem for real in the long run both servers and
clients need to be patched, and patched clients and servers must not
talk to unpatched servers and clients. In the short run that's
unrealistic so the Firefox settings are currently extremely
permissive,

I'm not sure this is correct, because it breaks client authentication. This is the only case where renegotiation is/was really needed.

With that, it's breaking the client certificate authentication of a couple of ten thousands of active user accounts at StartSSL. I take it as a reward for being the only CA protecting sensitive information with something better than username password pairs. :-)

This will
break client-auth in most cases so there's a global pref that allows
unsafe renegotiation, and another pref so you could whitelist a
server or two you need to do client-auth with.

Yes, and who is going to teach them all to revert something which will in the long run remain vulnerable? I believe this is the wrong approach and Mozilla should really wait until the most commonly used servers have implemented the new RFC as well (at least). Those are Apache with mod_ssl and IIS.

These are _test_ builds and don't necessarily reflect how we'll ship
a future Firefox update. For updates on the stable branches we'll
probably have to allow unsafe renegotiation for a while, it's not a
good strategy to ship a security update and force people to choose
between security and connecting with their bank/gov't/work.

Right! As such, I want to make you aware that it's possible to mitigate the risks, for example servers may refuse client-initiated authentication, leaving client certificate authentication working for server-initiated re-negotiation. Then the application layer can further protect the server, because after all, a client certificate has to be presented by the client. This will make an attack on the server mostly useless.

Later this year we can start showing broken SSL indicators for
unpatched servers, when at least some servers are patched.

I'm afraid that in the meantime we'll have to get used to the hundreds of support calls from those using nightlies. And I suspect that the share of the typical audience at StartCom is higher than elsewhere. :-(

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
