oss-sec mailing list archives

Re: cryptographic primitive choices [was: Re: Microsoft Warns Customers Away From RC4 and SHA-1]


From: Chris Palmer <snackypants () gmail com>
Date: Fri, 15 Nov 2013 11:18:33 -0800

On Thu, Nov 14, 2013 at 10:58 PM, Kurt Seifried <kseifried () redhat com> wrote:

> Compatibility, for example HTTPS, you can disable a lot but if you
> only allowed one cipher chances are a good chunk of clients wouldn't
> be able to connect. There's a LOT of software out there, some open
> source, some commercial, some written in house, it all uses encryption
> and signing (usually wrongly, sigh) and a lot of it cannot or will not
> be updated any time soon, if at all. Think of all the devices that act
> as a web client and will never have TLS 1.2 support (e.g. "smart" TVs)
> for example. Would I prefer the world to ditch SSL, TLS 1.0 and 1.1
> and move to TLS 1.2 entirely? Of course. Is it going to happen? Not
> for a loooong time.
>
> Think of all the things that currently use (often older versions of)
> OpenSSL/PolarSSL/GnuTLS/etc and will never get updated...

I posit that there is a strong correlation between un-updated,
un-updatable software that did not ship with (for example) support for
modern cipher suites and protocols, and software that should be
recalled for a variety of reasons. Random example:

https://securityledger.com/2013/08/samsung-smart-tv-like-a-web-app-riddled-with-vulnerabilities/

Let's unpack your use of the passive voice: Who, exactly, is choosing
not to update the OpenSSL they ship? Why do we forgive that?

To an extent, even security engineers are acting as enablers, allowing
obsolete software/protocols/cipher suites to live far longer than they
should have.

"LTS", "ESR", and not EOL'ing Windows XP 4+ years ago is a significant
part of the problem.
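The compatibility trade-off Kurt describes (one allowed cipher locks out a chunk of clients; keeping RC4 or TLS 1.0 keeps them) can be made concrete by modelling the negotiation a server performs against a population of clients. The following is an added example, not code from the thread or from any of the projects named in it. It models only protocol-version selection (highest common version) and server-preference cipher selection; the cipher names are OpenSSL's, with the minimum protocol version each suite can run under taken from what `openssl ciphers -v` reports, and the client profiles are constructed for illustration, not measured from real devices.

```python
"""Model of TLS version / cipher-suite negotiation against a client population.

Added example (not from the oss-sec thread). It is a model of the negotiation
rules, not a TLS implementation: no fallback, no signature-algorithm or
extension handling. Client profiles are constructed, not measured.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Protocol versions, oldest first. A handshake uses the highest version in common.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]

# OpenSSL suite names and the lowest protocol version that can carry them:
# AEAD and SHA-256 HMAC suites exist only in TLS 1.2, ECDHE needs TLS 1.0+.
MIN_VERSION = {
    "ECDHE-RSA-AES128-GCM-SHA256": "TLSv1.2",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLSv1.2",
    "AES128-SHA256": "TLSv1.2",
    "ECDHE-RSA-AES128-SHA": "TLSv1.0",
    "AES128-SHA": "SSLv3",
    "DES-CBC3-SHA": "SSLv3",
    "RC4-SHA": "SSLv3",
    "RC4-MD5": "SSLv3",
}


@dataclass
class Peer:
    name: str
    versions: List[str]   # protocol versions the peer will speak
    ciphers: List[str]    # cipher suites in the peer's own preference order


def negotiate(client: Peer, server: Peer,
              server_preference: bool = True) -> Optional[Tuple[str, str]]:
    """Return the (version, cipher) a handshake settles on, or None if it fails.

    Version is the highest one both sides support. For the cipher, walk the
    preferring side's list (the server's when it enforces its own order, as
    nginx's ssl_prefer_server_ciphers does) and take the first suite the other
    side also offers that is valid at the negotiated version.
    """
    common = [v for v in VERSIONS if v in client.versions and v in server.versions]
    if not common:
        return None
    version = common[-1]
    first, second = ((server.ciphers, client.ciphers) if server_preference
                     else (client.ciphers, server.ciphers))
    for suite in first:
        if suite in second and VERSIONS.index(MIN_VERSION[suite]) <= VERSIONS.index(version):
            return version, suite
    return None


def coverage(server: Peer, clients: List[Peer]) -> Dict[str, Optional[Tuple[str, str]]]:
    """Map each client name to what it would negotiate with this server policy."""
    return {c.name: negotiate(c, server) for c in clients}


def locked_out(server: Peer, clients: List[Peer]) -> List[str]:
    """Names of clients that cannot complete a handshake under this policy."""
    return [name for name, result in coverage(server, clients).items() if result is None]


# Constructed client profiles (illustrative only).
CLIENTS = [
    Peer("modern-browser", ["TLSv1.0", "TLSv1.1", "TLSv1.2"],
         ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
          "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]),
    Peer("smart-tv-2010", ["TLSv1.0"], ["RC4-SHA", "AES128-SHA", "DES-CBC3-SHA"]),
    Peer("embedded-rc4-only", ["SSLv3", "TLSv1.0"], ["RC4-MD5", "RC4-SHA"]),
    Peer("java6-style", ["TLSv1.0"], ["AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]),
]

# Server policies, from "one cipher, TLS 1.2 only" to "accept everything".
STRICT = Peer("strict", ["TLSv1.2"], ["ECDHE-RSA-AES128-GCM-SHA256"])
NO_RC4 = Peer("no-rc4", ["TLSv1.0", "TLSv1.1", "TLSv1.2"],
              ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
               "AES128-SHA", "DES-CBC3-SHA"])
LEGACY = Peer("legacy", ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"],
              ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
               "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA", "RC4-MD5"])

if __name__ == "__main__":
    for policy in (STRICT, NO_RC4, LEGACY):
        print(policy.name, coverage(policy, CLIENTS))
        print("  locked out:", locked_out(policy, CLIENTS))
```

Running it shows the shape of the argument: the TLS 1.2-only, single-suite policy locks out every constructed client except the modern browser, the no-RC4 policy loses only the RC4-only device (the actual cost of dropping RC4), and the "legacy" policy reaches everyone at the price of still negotiating RC4 with clients that have nothing better. Extending `CLIENTS` with real handshake data from your own access logs turns this from an illustration into the check you would actually run before tightening a server configuration.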