[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssf Security Question

To: Howard Chu <hyc@symas.com>, Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: ssf Security Question
From: William Brown <wibrown@redhat.com>
Date: Mon, 20 Nov 2017 13:06:46 +0100
In-reply-to: <08e87888-2124-264c-ccd1-c24d552dbc06@symas.com>
References: <55f77c41-37ac-f956-6771-ea08e1de2847@gmail.com> <1510887181.4395.126.camel@redhat.com> <2b2058d7-3d20-d8ac-7e70-125dbed10936@stroeder.com> <1511164504.7096.4.camel@redhat.com> <WM!fb410ef0b13b393d122e67c75a4af8b5fe76a010c4d5a724cc2bd00b747ca8506a6da989e80889f2c258399ea6162c9b!@mailstronghold-2.zmailcloud.com> <08e87888-2124-264c-ccd1-c24d552dbc06@symas.com>

On Mon, 2017-11-20 at 11:22 +0000, Howard Chu wrote:
> William Brown wrote:
> > On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote:
> > > William Brown wrote:
> > > > Just want to point out there are some security risks with ssf
> > > > settings.
> > > > I have documented these here:
> > > > 
> > > > https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_tra
> > > > p.ht
> > > > ml
> > > 
> > > Nice writeup. I always considered SSF values to be naive and
> > > somewhat
> > > overrated. People expect too much when looking at these numbers -
> > > especially regarding the "strength" of cryptographic algorithms
> > > which
> > > changes over time anyway with new cryptanalysis results coming
> > > up.
> > > 
> > > Personally I always try to implement a TLS-is-must policy and
> > > prefer
> > > LDAPS (with correct protocol and ciphersuites configured) over
> > > LDAP/StartTLS to avoid this kind of pre-TLS leakage.
> > > Yes, I deliberately ignore "LDAPS is deprecated". ;-]
> > 
> > I agree. If only there was a standards working group that could
> > deprecate startTLS in favour of TLS .... :)
> 
> I have to agree as well. On my own servers I also use TLS on other
> "plaintext" 
> ports too (such as pop3 and others) that no one has any business
> connecting to 
> in plaintext.

Yep. TLS and end-to-end is the way of the future. We need to update our
documents to support this :) 

> 
> > > Furthermore some LDAP server implementation (IIRC e.g. MS AD)
> > > refuse
> > > to
> > > accept SASL/GSSAPI bind requests sent over TLS-secured channel.
> > > Which
> > > is
> > > IMO also somewhat questionable.
> > 
> > Yes, I really agree. While a plain text port exists, data leaks are
> > possible. We should really improve this situation, where we have
> > TLS
> > for all data to prevent these mistakes.
> > 
> > I think a big part of the issue is that GSSAPI forces the
> > encryption
> > layer, and can't work via an already encrypted channel. The people
> > I
> > know involved in this space are really resistant to changing this
> > due
> > to the "kerberos centric" nature of the products.
> 
> Interesting. Our libldap/liblber works fine with GSSAPI's encryption
> layered 
> over TLS and vice versa.
> 

Sadly your libldap/liblber is not the only one we have to use. I'm told
that especially AD for IPA trust's is unable to do GSSAPI-over-TLS.

Really, IMO if the SSF is already > 1, then GSSAPI shouldn't install
encryption layer, but you know, I'm not the one who writes the SASL
code ... If you have some contacts in this space, I'm open to
suggestion as to how we can proceed to improve this, 

-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Australia/Brisbane

References:
- ssf Security Question
  - From: Kaya Saman <kayasaman@gmail.com>
- Re: ssf Security Question
  - From: William Brown <wibrown@redhat.com>
- Re: ssf Security Question
  - From: Michael Ströder <michael@stroeder.com>
- Re: ssf Security Question
  - From: William Brown <wibrown@redhat.com>
- Re: ssf Security Question
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: One account for modifying directory and wiki
Next by Date: Re: One account for modifying directory and wiki
Index(es):
- Chronological
- Thread