[Date Prev][Date Next] [Chronological] [Thread] [Top]

Bind before/after StartTLS (was: Re: authmeth-07 issues)

To: ietf-ldapbis@OpenLDAP.org
Subject: Bind before/after StartTLS (was: Re: authmeth-07 issues)
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 10 Mar 2004 17:56:12 +0100
In-reply-to: <OF6A0836FB.9A523361-ON86256E3C.0050A1FD-86256E3C.0050E10C@us.ibm.com>
References: <s0300f89.025@prv-mail20.provo.novell.com> <OF6A0836FB.9A523361-ON86256E3C.0050A1FD-86256E3C.0050E10C@us.ibm.com>

At Feb 16 2004, Roger Harrison wrote:
> With the fairly extensive reworking of the effect of Start TLS and
> TLS closure on the LDAP association state, I'm wondering how WG
> members view the need for these security considerations proposed by
> Hallvard.  Your comments are greatly appreciated.

At Feb 16 2004, John McMeeking wrote:
> I don't think there is any need to add material to the Security
> Considerations section if the proposed changes to authmethod are made
> (your previous note on StartTLS and StopTLS).

I agree, but I just noticed that my second suggestion still
touches a problem:

> bind before startTLS is an insecure combination, and that an attacker
> also may insert a bind before a startTLS when the client expects to do
> anonymous operations with TLS.

Changing focus a bit, I suggest:

  Since an attacker can sometimes inject a Bind operation before the
  client can perform StartTLS, thus leaving the TLS-protected connection
  with unexpected authentication, it can be prudent to Bind immediately
  after StartTLS.  Servers can enforce this by invalidating the
  association after a successful StartTLS.

I don't quite like the wording, but that's the best I can come up with
at the moment.

-- 
Hallvard

Prev by Date: Re: Simple auth and TLS (Was: authmeth review notes [long])
Next by Date: Re: New text: Attributes with no equality matching rule
Index(es):
- Chronological
- Thread