Now that I've cleaned up our TLS code from the unholy mess it used to be and abstracted it into a reasonable set of library functions, this has inspired me to investigate cleaning up a rather annoying deficiency that we have. Specifically, we don't do any certificate validation at all for TLS; zero, nada, zilch. We basically just are treating the TLS connection as anonymous DH, and we are open to MITM attacks. This is mildly embarrassing, to say the least. But the options here for solving this problem are not great.
The _code_ to verify a certificate chain in OpenSSL is relatively straightforward; I'm not worried about writing that. But sadly, the configuration for all of that is lousy, and you start to see why web browsers ship with their own set of root certificates. A brief survey suggests to me that common open-source systems do not ship a set of popular commercial root certificates. That would require people to get root certificates ... and while I can imagine that SOME people, here especially, would bother to do that, let's be honest: most people WON'T. As we've seen, a lot of people don't use replyfilter despite it being around for 4 years and something everyone complains about. So it would be a fair amount of code that few people would use, and even fewer know about.

I've been poking around and I see that there is something that MIGHT be worthwhile to look at: something called "trust on first use" (TOFU) which basically replicates the SSH key model; upon first connection you decide to trust the certificate you get, and you save that for later. How this works when certificates expire is a little unclear to me; maybe you save the whole certificate chain and you decide to trust new certs that go back to the original root. If this was enabled by default we'd get a lot better security out of the box.

We MIGHT be able to get this done for 1.7; I'm unsure. But I think it's worth talking about. Thoughts?

--Ken
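
Added example, not part of the original message and not nmh code: a Python sketch of the TOFU model described above, including the "new certificate under a previously saved issuer" idea for expiry. `TofuStore`, `tls_pins.json` and `mail.example.org` are hypothetical names, the certificates are constructed byte strings, and the sketch assumes the TLS library has already verified the signatures linking the presented chain.

```python
import hashlib, json, os, tempfile

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding of one certificate."""
    return hashlib.sha256(der).hexdigest()

class TofuStore:
    """known_hosts-style pin file: "host:port" -> chain fingerprints, leaf first."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _pin(self, key, fps):
        self.pins[key] = fps
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic: never leave a half-written pin file

    def check(self, host, port, chain):
        """chain: DER certificates, leaf first, whose signatures the TLS library has
        already verified link to link (assumption; fingerprints alone prove nothing)."""
        if not chain:
            raise ValueError("empty certificate chain")
        key, fps = f"{host}:{port}", [fingerprint(c) for c in chain]
        pinned = self.pins.get(key)
        if pinned is None:
            self._pin(key, fps)
            return "first-use"        # SSH model: trust and remember
        if pinned[0] == fps[0]:
            return "match"
        if set(pinned[1:]) & set(fps[1:]):
            self._pin(key, fps)
            return "rotated"          # new leaf under an issuer pinned earlier
        return "mismatch"             # caller must abort the connection

def demo():
    # Constructed stand-ins for DER certificates; not real certificates.
    old = [b"leaf-2015", b"intermediate-A", b"root-A"]
    new = [b"leaf-2016", b"intermediate-A", b"root-A"]
    other = [b"leaf-x", b"intermediate-B", b"root-B"]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tls_pins.json")
        s = TofuStore(path)
        out = [s.check("mail.example.org", 587, c) for c in (old, old, new)]
        s = TofuStore(path)           # reload from disk, as a later run would
        out += [s.check("mail.example.org", 587, c) for c in (other, new)]
    return out
```

A self-signed server certificate has no issuer entries to pin, so any change to it is reported as `mismatch`; and when the pinned issuer is a public CA, the `rotated` path accepts any certificate that CA issues, so a real implementation would also check that the new leaf names the same host.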
