From: Jeffrey Walton <noloader@gmail.com>
To: development@lists.ipfire.org
Subject: Re: Upgrading to OpenSSL 1.1.0
Date: Tue, 16 Jan 2018 07:34:23 -0500 [thread overview]
Message-ID: <CAH8yC8nHs3ROtSR1MAy0S+8g6-17xGEbUouhY86hs63Lq9extA@mail.gmail.com> (raw)
In-Reply-To: <82DD56CD-6501-49B9-BD2F-A766C9D82AEB@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2137 bytes --]
On Tue, Jan 16, 2018 at 6:36 AM, ummeegge <ummeegge(a)ipfire.org> wrote:
> ...
>>> Another point in here is IPFire uses currently the level 3 of --script-
>>> security for the RW " 3 -- Allow passwords to be passed to scripts via
>>> environmental variables (potentially unsafe)" which is important for some
>>> kinds of authentication methods but which has also been marked as unsafe and
>>> have also be again pointed out while the QuarkLabs and Cryptography
>>> Engineering LCC audit -->
>>> https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAud
>>> its --> under "OVPN-08-1: OpenVPN configuration risks: --script-security 3"
>>> you can find there also OpenVPNs statements causing this topic.
>>
>> AFAIK we don't use any of those authentication methods. Or are we?
>
> Possibly all people which uses OpenVPN as a client on IPFire are rely to this auth method cause their VPN Provider sets usually "auth-user-pass-verify" directives. Since this option is not officially supported, i think their on their own...
Be careful of allowing users to be on their own if your goals are
security objectives. The results usually leave a lot to be desired.
>From NaCl's "Expert selection of default primitives"
(https://nacl.cr.yp.to/features.html):
Most programmers using cryptographic libraries are not expert
cryptographic security evaluators. Often programmers pass the
choice along to users—who usually have even less information
about the security of cryptographic primitives. There is a long
history of these programmers and users making poor choices of
cryptographic primitives, such as MD5 and 512-bit RSA, years
after cryptographers began issuing warnings about the security
of those primitives.
It may be a better idea to support users if that is what they demand.
If you are drop dead opposed to the support, then make it hard for
users to do it. Don't make it easy to do the insecure end-around. This
is part of the "easy to use correctly, hard to use incorrectly"
security design principal.
Sorry about the bikeshedding.
Jeff
next prev parent reply other threads:[~2018-01-16 12:34 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-29 13:12 Michael Tremer
2017-12-03 7:34 ` ummeegge
2017-12-07 11:21 ` ummeegge
2018-01-10 17:08 ` Michael Tremer
2018-01-12 11:02 ` ummeegge
2018-01-13 12:17 ` Michael Tremer
2018-01-14 10:59 ` ummeegge
2018-01-15 11:58 ` Michael Tremer
2018-01-16 11:36 ` ummeegge
2018-01-16 12:34 ` Jeffrey Walton [this message]
2018-01-16 13:02 ` Michael Tremer
2018-01-16 12:56 ` Michael Tremer
2018-01-16 14:28 ` Horace Michael
2018-01-18 10:07 ` ummeegge
2018-01-13 12:30 ` Jeffrey Walton
2018-01-15 11:59 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH8yC8nHs3ROtSR1MAy0S+8g6-17xGEbUouhY86hs63Lq9extA@mail.gmail.com \
--to=noloader@gmail.com \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox