On 07/12/13 15:06, Ralf Skyper Kaiser wrote:
> Hi,
>
>
> On Sat, Dec 7, 2013 at 3:01 PM, Tobias Gondrom
> <[email protected] <mailto:[email protected]>> wrote:
>
>     Hi Ralf,
>
>     trying to understand what functionality you are seeking.
>     Should this be:
>     a) only a pinned "announcement" of the supported cipher suites on
>     the server or
>     b) "enforced" on the server?
>
>
> That is open for discussion. My personal preference is that server
> announces a set of 'STRONG' ciphers
> to the client. The client will fail to connect on future connections
> if none of the announced ciphers is no
> longer available (downgrade attack under way).

I see your point. Like a "soft migration" pattern for strong clients, while keeping old browsers accessible.

I understand that this would only be enforced on the client and not on the server (noting your comment at the end). So, it is worth noting that this would still have some residual risks with all the old browsers and expired pins (which may be acceptable).

Pinning this information in the browser could indeed help against a number of attack vectors in the face of corporations unwilling to shut down the old algorithms / versions.

As mentioned, the procedure of pinning itself could be achieved relatively easily.

Maybe one question: as the browser already has the information about all cipher suites offered in a TLS connection and could possibly cache this information from previous connections already without pinning. Would pinning this via an http header or file add much value over this? What do you think?

Cheers, Tobias

>
>
>
>
>     In case of b) would this mean that the server fails any insecure
>     cipher connection attempts.
>
>     Best regards, Tobias
>
>
>     Ps.: btw. on a personal note: I found that the underlying paradigm
>     we had in browser web servers of "weak encryption would be better
>     than no encryption" from back in the day of weak algorithms due to
>     export regulations in the US is part of or even the root of the
>     problem. IMHO this allows the downgrading attacks. In my view we
>     should on server side shift to a paradigm of "either strong
>     encryption or no encryption at all".
>
>
> I'm with you on this one. The big corporates who value their customers
> (including the 5% still using SSLv2/v3) are not. Currently the 95% of
> users are taking a security hit to let the 5% of all users still
> connect to the websites. It will be like this for the foreseeable
> future :/
>
> regards,
>
> ralf
>

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
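
The client-side enforcement discussed in this thread, as an added example that is not part of the original messages: a pin cache that refuses a later connection whose negotiated suite is outside the announced set, and that shows the first-contact and expired-pin gaps mentioned above. The thread defines no header or wire format, so the class, its method names, the `max_age` lifetime, the pin-clearing rule and the sample events are all assumptions made for illustration.

```python
import time

class CipherPinStore:
    """Client-side cache of announced 'strong' suites (hypothetical API)."""

    def __init__(self, clock=time.time):
        self._pins = {}      # host -> (frozenset of suite names, expiry time)
        self._clock = clock  # injectable so expiry can be exercised

    def note_announcement(self, host, suites, max_age):
        """Store an announcement seen on a connection that passed check()."""
        if max_age <= 0 or not suites:
            self._pins.pop(host, None)  # assumption: this clears the pin
            return
        self._pins[host] = (frozenset(suites), self._clock() + max_age)

    def check(self, host, negotiated):
        """Return (allowed, reason) for the suite this handshake negotiated."""
        pin = self._pins.get(host)
        if pin is None:
            return True, "no pin yet (first contact is unprotected)"
        suites, expires_at = pin
        if self._clock() >= expires_at:
            del self._pins[host]
            return True, "pin expired (residual risk, nothing enforced)"
        if negotiated in suites:
            return True, "negotiated suite is pinned"
        return False, "suite not in pinned set: possible downgrade, abort"

def replay(events, clock):
    """Run (time, host, negotiated, announcement) events through one store."""
    store = CipherPinStore(clock=lambda: clock[0])
    verdicts = []
    for t, host, negotiated, announcement in events:
        clock[0] = t
        allowed, reason = store.check(host, negotiated)
        if allowed and announcement is not None:
            store.note_announcement(host, *announcement)
        verdicts.append((allowed, reason))
    return verdicts

STRONG = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
WEAK = "TLS_RSA_WITH_RC4_128_SHA"
EVENTS = [  # constructed sample session, not real traffic
    (0, "example.test", STRONG[0], (STRONG, 3600)),    # first contact sets pin
    (60, "example.test", WEAK, None),                  # downgraded: refused
    (120, "example.test", STRONG[0], (STRONG, 3600)),  # strong: pin refreshed
    (9000, "example.test", WEAK, None),                # pin expired: allowed
]
print(replay(EVENTS, [0]))
```

The last event is the residual risk raised in the reply: once the pin has lapsed, the client has nothing to compare against and the weak suite is accepted again.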
