[fc-discuss] Financial Cryptography Update: SSL v2 Must Die - Notice of Extinction to be issued

iang@iang.org iang@iang.org
Tue, 6 Sep 2005 13:18:25 +0100 (BST) 

 Financial Cryptography Update: SSL v2 Must Die - Notice of Extinction to be issued 

                           September 06, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000472.html



------------------------------------------------------------------------

A Notice of Extinction for prehistoric SSL v2 web servers is being
typed up as we speak.  This dinosaur should have been retired
net-centuries ago, and it falls to Mozilla to clean up.

http://weblogs.mozillazine.org/gerv/archives/2005/09/ssl2_must_die.html

In your browser, turn off SSL v2 (a two-clawed footprint in protocol
evolution).  Go here and follow the instructions:

http://weblogs.mozillazine.org/gerv/archives/2005/05/quick_ssl_versi.ht
ml

You may discover some web sites that can't be connected to in HTTPS
mode.  Let everyone know where they are and to avoid them.

https://bugzilla.mozilla.org/show_bug.cgi?id=116168
https://bugzilla.mozilla.org/show_bug.cgi?id=116169

Maybe they'll receive a Notices of Imminent Extinction.  When I last
looked at SecuritySpace there were no more than 4445 of them, about 2%.

http://www.securityspace.com/s_survey/sdata/200504/protciph.html

But Gerv reports it is down to 2000 or so.  (Measurement of websites is
not an accurate science.)

Elsewhere, Eric Rescorla published some slides on a talk he'd given on
"Evidence" (apologies, URL mislaid).  Eric is the person who wrote the
book on SSL and TLS (literally) and also served as the editor of the
IETF committee.  In this talk, he presented the case for
"evidence-based security" which he refers to as looking at the evidence
and acting on what it tells you.  Very welcome to see this approach
start to take root.

Another factoid - relevent to this post - he gave was that the
half-life of an OpenSSL exploit is about 50 days (see chart half way
down).	That's the time it takes for half of the OpenSSL servers out
there to be patched with a known exploit fix.  Later on, he states that
the half life for windows platforms with automated patching is 21 days
for external machines and 62 days for internal machines (presumably
inside some corporate net).  This is good news, this means there isn't
really any point in delaying the extinction of SSL v2:	The sooner
browsers ditch it the sooner the dinosaurs will be retired - we can
actually make a big difference in 50 days or so.

Why is this important?	Why do we care about a small group of sites are
still running SSL v2.  Here's why - it feeds into phishing:

In order for browsers to talk to these sites, they still perform the
SSL v2 Hello.  Which means they cannot talk the TLS hello.

Which means that servers like Apache cannot implement TLS features to
operate multiple web sites securely through multiple certificates. 
Which means that the spread of TLS (a.k.a. SSL) is slowed down
dramatically (only one protected site per IP number - schlock!), and
this means that anti-phishing efforts at the browser level haven't a
leg to stand on when it comes to protecting 99% of the web.

Until *all* sites stop talking SSL v2, browsers will continue to talk
SSL v2.  Which means the anti-phishing features we have been building
and promoting are somewhat held back because they don't so easily
protect everything.

(There's more to it than that, but that's the general effect:  one
important factor in addressing phishing is more TLS.  To get more TLS
we have to get rid of SSL v2.)

-- 
Powered by Movable Type
Version 2.64
http://www.movabletype.org/