[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Handling of certificates in Debian

On Fri, Aug 30, 2002 at 02:57:12PM -0700, Neil Spring wrote:
> On Fri, Aug 30, 2002 at 06:58:00PM +0100, Andrew McDonald wrote:
> > On a similar subject, there seem to be more than a few applications
> > that have had "SSL/TLS support" added, but don't do any hostname
> > checking against the certificate - leaving you open to
> > man-in-the-middle attacks.
> (speaking as an offender)

ditto at times - if someone who knows more about GNOME than me wants
to look at libgnomevfs2 please do, the code there was a quick
replacement of the existing openssl implementation to solve the licence
issues - it fails to do any checking.

> Why is it that TLS libraries don't handle a lot of this
> simple validation on behalf of applications?
> Why is it that the sample gnutls code doesn't seem to
> include this check?

Some sample code, based on my implementation for mutt, is now included
in the documentation for gnutls in CVS, as of earlier today. ;-)

> It seems like you've contributed a lot of mutt-specific code
> to handle certificate validation in the-right-way, but that
> the procedure is both generally useful and error-prone so
> should be centralized.

One of the problems of automating the complete set of certificate
checking (hostname on cert, expiration date, validity of signatures,
etc) is that it often requires user interaction.

Users are likely to complain if they can't access their POP3 server
because the certificate expired yesterday, but they should be warned
about it so they can make the choice (inevitably they'll probably just
click 'accept'...)

Even the hostname check can be problematic - does the user really need
to accept the certificate every time because the name doesn't match?
(I've solved this for mutt by using a cache where I save the hostname
against the certificate fingerprint, mozilla does something similar.)

You also have to be careful with STARTTLS (upgrading to TLS on a
connection) if you want to rely on using TLS through this method.
(e.g. see http://bugs.guug.de/db/12/1284.html).

I'm still missing CRL checking in my mutt/gnutls patch (that's
something that very few people seem to implement, or have enabled when
it is available).

I'm not sure what the summary of this e-mail is, probably that it's
not as easy as it might first look.

Andrew McDonald
E-mail: andrew@mcdonald.org.uk

Reply to: