Re: Idea for making SSL more efficient

["Jason Coombs PivX Solutions" <jcoombs () PivX com>]

SSL is *supposed* to provide server and optional client authentication, but the reality is that relying on arbitrary 
certificate chains rooted by trust in a variety of third-party Certifying Authorities any of whom could issue an SSL 
certificate for any FQDN or a client certificate that the server may verify automatically (if it too allows open-ended 
third-party trust the way that Web clients generally do) with no way in many implementations to restrict to known-good 
public keys that we know to be associated with the server or client/user in question.

I wrote an article that shows how to restrict SSL connections based on the server's public key, as any change in keys 
that is unexpected *must* be viewed as a potential security breach. See:

http://www.windevnet.com/wdn/articles/2003/0309/

Sincerely,

Jason Coombs
Jcoombs () PivX com


-----Original Message-----
From: "Michael Howard" <mikehow () microsoft com>
Date: Fri, 16 Jul 2004 09:56:01 
To:"Paul Johnston" <paul () westpoint ltd uk>, <webappsec () securityfocus com>
Subject: RE: Idea for making SSL more efficient

SSL provides many security features, including authentication, integrity
checking and confidentiality. This solution provides only an integrity
check, and weak one at that - only a hash, not a MAC.

So what threat(s) concern you?

[Writing Secure Code 2nd Ed]
http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard

-----Original Message-----
From: Paul Johnston [mailto:paul () westpoint ltd uk] 
Sent: Thursday, July 15, 2004 2:12 AM
To: webappsec () securityfocus com
Subject: Idea for making SSL more efficient

Hi,

A disadvantage with SSL is that it places increased load on the server, 
in particular because client's ISP caches cannot be used. In most 
situations the images on an SSL site are not confidential. If they are 
included as HTTP links then the browser will display a "mixture of 
secure and insecure content" warning. That is sensible, because an 
attacker could potentially manipulate the images to deceive the user.

My idea is to include a MD5 hash of the image in the img tag, so in an 
https page you could do <img src="http://x.y.z/a.png"; md5="xyz789"/> to 
reference an HTTP image. Images protected by these integrity checks 
would then not cause a browser warning.

I expect roll-out would not be easy, and also there may be concerns 
about infering what is on the SSL page from what images are requested 
(e.g. whether "overdrawn.png" gets requested).

Anyone got thoughts on this?

Paul

-- 
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk



Sent wirelessly via BlackBerry from T-Mobile.