Bind before/after StartTLS (was: Re: authmeth-07 issues)

At Feb 16 2004, Roger Harrison wrote:
> With the fairly extensive reworking of the effect of Start TLS and
> TLS closure on the LDAP association state, I'm wondering how WG
> members view the need for these security considerations proposed by
> Hallvard.  Your comments are greatly appreciated.

At Feb 16 2004, John McMeeking wrote:
> I don't think there is any need to add material to the Security
> Considerations section if the proposed changes to authmethod are made
> (your previous note on StartTLS and StopTLS).

I agree, but I just noticed that my second suggestion still
touches a problem:

> bind before startTLS is an insecure combination, and that an attacker
> also may insert a bind before a startTLS when the client expects to do
> anonymous operations with TLS.

Changing focus a bit, I suggest:

  Since an attacker can sometimes inject a Bind operation before the
  client can perform StartTLS, thus leaving the TLS-protected connection
  with unexpected authentication, it can be prudent to Bind immediately
  after StartTLS.  Servers can enforce this by invalidating the
  association after a successful StartTLS.

I don't quite like the wording, but that's the best I can come up with
at the moment.
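
The scenario in the proposed text above, as an added example that is not part of the original message: a toy Python model of a server's per-connection state, comparing a server that keeps the pre-TLS association with one that invalidates it after a successful StartTLS, and a client that does or does not Bind immediately after StartTLS. The `Session` class, the `run` helper and the DNs are constructed for illustration and do not come from any real LDAP server or library.

```python
from dataclasses import dataclass, field
from typing import Optional

INJECTED_DN = "cn=injected,dc=example,dc=com"  # constructed sample DN
CLIENT_DN = "cn=alice,dc=example,dc=com"       # constructed sample DN


@dataclass
class Session:
    """Hypothetical model of one connection's server-side association state."""
    invalidate_on_starttls: bool
    tls: bool = False
    identity: Optional[str] = None          # None means anonymous
    log: list = field(default_factory=list)

    def bind(self, dn: Optional[str], origin: str) -> None:
        # Before TLS the server cannot tell who put a PDU on the wire;
        # "origin" is recorded only so the model can show where it came from.
        self.identity = dn
        self.log.append((origin, "bind", dn, "tls" if self.tls else "clear"))

    def start_tls(self) -> None:
        self.tls = True
        if self.invalidate_on_starttls:
            # Server-side enforcement: drop whatever was established in clear.
            self.identity = None
        self.log.append(("client", "starttls", None, "tls"))


def run(invalidate_on_starttls: bool, client_rebinds: bool,
        client_dn: Optional[str] = None) -> Optional[str]:
    """Return the identity the TLS-protected connection ends up with."""
    s = Session(invalidate_on_starttls)
    s.bind(INJECTED_DN, origin="network")   # Bind that arrives before StartTLS
    s.start_tls()
    if client_rebinds:
        # Client-side precaution: Bind (anonymous if dn is None) right after StartTLS.
        s.bind(client_dn, origin="client")
    return s.identity


if __name__ == "__main__":
    for invalidate in (False, True):
        for rebinds in (False, True):
            result = run(invalidate, rebinds, client_dn=None)
            print(f"server invalidates={invalidate!s:5} client rebinds={rebinds!s:5} "
                  f"-> identity under TLS: {result or 'anonymous'}")
```

Only the combination where the server keeps the association and the client does not rebind leaves the TLS-protected connection with an identity the client never asked for.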