Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72514
Return-Path: <rdlowrey@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 23392 invoked from network); 12 Feb 2014 12:50:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Feb 2014 12:50:57 -0000
Authentication-Results: pb1.pair.com smtp.mail=rdlowrey@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rdlowrey@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.178 as permitted sender)
X-PHP-List-Original-Sender: rdlowrey@gmail.com
X-Host-Fingerprint: 209.85.213.178 mail-ig0-f178.google.com  
Received: from [209.85.213.178] ([209.85.213.178:64323] helo=mail-ig0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3F/C0-19387-E2E6BF25 for <internals@lists.php.net>; Wed, 12 Feb 2014 07:50:55 -0500
Received: by mail-ig0-f178.google.com with SMTP id uq10so10928033igb.5
        for <internals@lists.php.net>; Wed, 12 Feb 2014 04:50:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=1IsnaXKhnor9fxGP2gjMFP50fnUXTFHbM4rOO8ap0O0=;
        b=b36k8HOdy/hmQo2LnLQMVurH0uTxottEm2yzlxA3XRRMpwdyR1jFuEjbyjbp/6j9Nn
         YfFcwApN8IfSLRg0LyHcDqz6YZNImdPppM/mKE0vhqV/NfZp9D7yZVysRpZCBO+dhP2w
         sICWF/lI6dVb3EJkbJfQiVDCbzZpXsN5T4zohDbKHr13GkElcELUiFkgEeifrrVe3z7v
         Ll7GNVnqc2FZS4wj07momr7HM0r0IyRlhggW6LUlKcMs/3PANuyIWB41tWTpPggN3wZ1
         7Iu63+OQQrbLJUoDMkhYqggrGjkIiWH9oFn9iSc03bdbWJ+PdM4+u+cA8ugCwHryD7od
         gLhQ==
MIME-Version: 1.0
X-Received: by 10.50.60.105 with SMTP id g9mr3723208igr.14.1392209452640; Wed,
 12 Feb 2014 04:50:52 -0800 (PST)
Received: by 10.50.34.131 with HTTP; Wed, 12 Feb 2014 04:50:52 -0800 (PST)
In-Reply-To: <CALwr1GnO+j2zDk+ykgF4E5O=quSOUPiZCcBbpmaqbH34j6xU0g@mail.gmail.com>
References: <CAH8Mpn=dhpKEM_fU=zq0JRx9G0mrD_E6duAu=Sz-6++Qt-TO_g@mail.gmail.com>
	<52FA932D.5050504@sugarcrm.com>
	<CAH8MpnnC6-gR5REPciKM4nXkXtquP3q5Z00d+WkA+Kz5vak4ZA@mail.gmail.com>
	<CALwr1GnO+j2zDk+ykgF4E5O=quSOUPiZCcBbpmaqbH34j6xU0g@mail.gmail.com>
Date: Wed, 12 Feb 2014 07:50:52 -0500
Message-ID: <CAH8MpnmorTAjYoPG_ApCYSV0QYJiDu79Hx7O9i76XYomO6_hGg@mail.gmail.com>
To: =?ISO-8859-1?Q?P=E1draic_Brady?= <padraic.brady@gmail.com>
Cc: Stas Malyshev <smalyshev@sugarcrm.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=047d7b10caa5e0af9204f2350503
Subject: Re: [PHP-DEV] [VOTE] Improved TLS Defaults RFC
From: rdlowrey@gmail.com (Daniel Lowrey)

--047d7b10caa5e0af9204f2350503
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 12, 2014 at 7:17 AM, P=E1draic Brady <padraic.brady@gmail.com>w=
rote:

> Hi,
>
> On 11 February 2014 21:53, Daniel Lowrey <rdlowrey@gmail.com> wrote:
> > On Tue, Feb 11, 2014 at 4:16 PM, Stas Malyshev <smalyshev@sugarcrm.com
> >wrote:
> >> - What is the motivation for verify_depth default of 3? RFC does not s=
ay
> >> anything on it.
> >>
> >>
> > I admit this one is a somewhat arbitrary limit (which explains the lack
> of
> > explanation in the wiki text). OpenSSL will default to a limit of 9 if =
we
> > don't specify one ourselves, so there's not really that much to be gain=
ed
> > by using a default of 3. After considering this a bit more I think it
> best
> > to eliminate the addition of a default value in this area altogether. I
> > will update the RFC and patch accordingly.
>
> It's partly arbitrary. The main reason for minimising depth, as far as
> I'm aware, is to minimise the cost of TLS. It's an expensive operation
> (even for the client) and having an infinite depth may, as far as I
> know, be a potential DOS risk. The general values used are 3-6
> reflecting real world use. A requirement for a value above this would
> indicate potential issues with the server. This may be something of a
> historical artifact since I cannot remember where I heard it. I do
> know that DOS against SSL servers used to justify limiting this value
> for certain.
>
> Paddy may need a memory upgrade...
>
> --
> P=E1draic Brady
>
> http://blog.astrumfutura.com
> http://www.survivethedeepend.com
> Zend Framework Community Review Team
> Zend Framework PHP-FIG Representative
>


This was my original line of thinking. However in my research I was unable
to find any real discussion centering around this issue as a significant
DoS vector. A couple of things to consider ...

1. Infinite descent is not an issue because, if unspecified, OpenSSL will
default to a verify depth of 9 as documented here:

https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

2. If you're a client (far and away the more frequent use case in PHP) this
is really a non-issue. Servers aren't in the business of DoS'ing clients
and if they are doing something nefarious the solution is to simply not
connect to those servers.

3. I think it's generally safe to expect a bit more knowledge from
developers writing servers than those writing clients.

4. Servers verifying client certificates is only common in very specific
environments (e.g. corporate intranets). In these sorts of implementations
the verify depth will almost always be 0 for self-signed or 1 for an
internal/organizational CA. For these cases a feasible low default verify
depth setting is still not useful.

For these reasons I think it's best to leave out the additional default
setting for now. It would likely only result in failed transfers that would
otherwise have succeeded without adding very much real tangible security
benefit.

Daniel

--047d7b10caa5e0af9204f2350503--