Message 150094 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	naif
Recipients	naif
Date	2011-12-22.14:34:48
SpamBayes Score	2.902173e-11
Marked as misclassified	No
Message-id	<1324564490.24.0.352449270187.issue13647@psf.upfronthosting.co.za>
In-reply-to

Content
It has been noticed by the well known security researcher Dan Kaminsky ( http://dankaminsky.com/) that Python SSL binding doesn't securely validate a digital certificate while used. There is a new "match_hostname"http://pypi.python.org/pypi/backports.ssl_match_hostname/ that doesn't implement all the required, standard SSL/TLS Client security checks that should be done. Dan suggestion to properly implement implement default SSL/TLS Client security check is as follow: === Encryption without authentication offers little value; it is the canonical "secure in the absence of an attacker" state. Python's SSL/TLS code presently does not authenticate the connection by default. There are of course reasons for this: 1) Collecting and maintaining the appropriate SSL/TLS roots is difficult, assuming people are even connecting to globally trusted resources 2) Changing authentication policy silently threatens to break production apps These are real problems that can't just be waved away. In the long run, a more scalable trust distribution system needs to be supported (DNSSEC, most likely) but the present state of affairs remain ugly. This is what I would recommend: A) Integrate the Mozilla CA pack into Python, updating it with each security release. B) Make certificate validation tristate. B y default, it merely emits to stderr an error similar to what happens if deprecated content is included. This is vaguely heretical but whatever. Then add a couple of API calls: a) ValidateCerts, a single call that enables the Mozilla CA pack b) AddCert, a single call that declares a particular cert as trusted c) AddRoot, a single call that declares a particular root as trusted d) DisableValidation, a single call that removes the error C) Integrate a hooking mechanism to add or replace the certificate validation process. Please send this API the name of the host you're attempting to validate, and be sure to allow it to return "I don't know, try your normal validation procedure". Be sure you include all the necessary checks, including: A) Expiration B) SAN/CN C) Basic Constraints checking D) Name Constraints Possibly a future version of Python should _actually_ deprecate non-validating SSL/TLS, but certainly not a security patch. Too high a risk of breakage. === It would be valuable to provide the default SSL/TLS Client verification exactly like Mozilla/Chrome/Curl/Wget does.

It has been noticed by the well known security researcher Dan Kaminsky (
http://dankaminsky.com/) that Python SSL binding doesn't securely validate a digital certificate while used.

There is a new "match_hostname"http://pypi.python.org/pypi/backports.ssl_match_hostname/ that doesn't implement all the required, standard SSL/TLS Client security checks that should be done.

Dan suggestion to properly implement implement default SSL/TLS Client security check is as follow:

===
Encryption without authentication offers little value; it is the canonical "secure in the absence of an attacker" state.
Python's SSL/TLS code presently does not authenticate the connection by default.

There are of course reasons for this:

1) Collecting and maintaining the appropriate SSL/TLS roots is difficult, assuming people are even connecting to globally trusted resources
2) Changing authentication policy silently threatens to break production apps

These are real problems that can't just be waved away.
In the long run, a more scalable trust distribution system needs to be supported (DNSSEC, most likely) but the present state of affairs remain ugly.

This is what I would recommend:

A) Integrate the Mozilla CA pack into Python, updating it with each security release.

B) Make certificate validation tristate. B
y default, it merely emits to stderr an error similar to what happens if deprecated content is included.
This is vaguely heretical but whatever.
Then add a couple of API calls:
a) ValidateCerts, a single call that enables the Mozilla CA pack
b) AddCert, a single call that declares a particular cert as trusted
c) AddRoot, a single call that declares a particular root as trusted
d) DisableValidation, a single call that removes the error
C) Integrate a hooking mechanism to add or replace the certificate validation process.
Please send this API the name of the host you're attempting to validate, and be sure to allow it to return "I don't know, try your normal validation procedure".

Be sure you include all the necessary checks, including:
A) Expiration
B) SAN/CN
C) Basic Constraints checking
D) Name Constraints

Possibly a future version of Python should _actually_ deprecate non-validating SSL/TLS, but certainly not a security patch.
Too high a risk of breakage.
===

It would be valuable to provide the default SSL/TLS Client verification exactly like Mozilla/Chrome/Curl/Wget does.

History
Date	User	Action	Args
2011-12-22 14:34:50	naif	set	recipients: + naif
2011-12-22 14:34:50	naif	set	messageid: <1324564490.24.0.352449270187.issue13647@psf.upfronthosting.co.za>
2011-12-22 14:34:49	naif	link	issue13647 messages
2011-12-22 14:34:48	naif	create