| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Gregory Stark <stark(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 12:36:59 |
| Message-ID: | 901CF132-56C4-4817-B12C-F146C40AD9D4@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 21 okt 2008, at 13.41, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Martijn van Oosterhout wrote:
>> SSH is a good example, it only works with self-signed certificates,
>> and
>> relies on the client to check it. Libpq provides a mechanism for the
>> client to verify the server's certificate, and that is safe even if
>> it
>> is self-signed.
>> If the client knows the certificate the server is supposed to
>> present,
>> then you can't have a man-in-the-middle attack, right? Whether it's
>> self-signed or not is irrelevent.
>
> That appears to be correct, but that was not the original issue
> under discussion.
>
> Both a web browser and an SSH client will, when faced with an
> untrusted certificate, pop a question to the user. The user then
> verifies the certificate some other way (in theory), answers/clicks
> yes, and then web browser and SSH client store the certificate
> locally marked as trusted, so this question goes away the next time.
>
> An SSL-enabled libpq program will, when faced with an untrusted
> certificate, go ahead anyway, without notification. (Roughly
> speaking. If I understand this right, there are other scenarios
> depending on whether the client user has set up the requires files
> in ~/.postgresql. All this just leads users to do the wrong thing
> by neglect, ignorance, or error.)
>
> The change Magnus proposes is that SSL-enabled libpq programs will
> in the future refuse to connect without a trusted certificate.
> Being a library, we cannot really go ask the user, as web browser
> and SSH client do, but I could imagine that we could make psql do
> that and store the trusted certificate automatically in a local
> place. Then we would be close to the usual operating mode for SSH
> and web browsers, and then chances are better that users can
> understand this setup and use it securely and easily.
>
>> Preventing casual snooping without preventing MitM is a rational
>> choice
>> for system administrators.
>
> I am not an expert in these things, but it seems to me that someone
> who can casually snoop can also casually insert DHCP or DNS packages
> and redirect traffic. There is probably a small niche where just
> encryption without server authentication prevents information leaks,
> but it is not clear to me where this niche is or how it can be
> defined, and I personally wouldn't encourage this sort of setup.
Yes, see the discussion with Dan Kaminsky on list a while back, which
is what prompted me to finally getting around to fixing this long-time
todo...
/mha
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gregory Stark | 2008-10-21 12:40:13 | Re: SSL cleanups/hostname verification |
| Previous Message | Magnus Hagander | 2008-10-21 12:34:58 | Re: SSL cleanups/hostname verification |