Ok. tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: Client certs and Mutual-Auth TLS are TERRIBAD.
When I say TERRIBAD, I mean that unless you've got the resources of a big security dept and folks who comb threat models for a living, using client certs and mutual auth probably materially lessens your security. That's NUTS! Let me recount the many ways.
O.k. some background. So Mutual Auth TLS, also called Client Auth TLS, or Client Certs, or MTLS, are all names for that crazy setup where you generate or give certificates to your clients and have them connect into your service. Seen in Intranets and MySQL conf since 2000.
Let's start with the big elephant in the room: MTLS is one big GIGANTIC layering violation. Authenticating users at the channel/session/network layer ... for actions that happen at a higher layer, like HTTP requests, or SQL commands. How is that bad?
Well it means that trivial security issues like SQL injection and request smuggling in HTTP headers ARE STILL THINGS IN TWO THOUSAND AND EIGHTEEN. Forget to escape a parameter and boom .. the attacker then puts requests right there in your "authenticated" stream. *HEAD DESK*
Replying to @colmmacc
I don't understand what you're saying here: an authn layer doesn't fix SQLi? Uh, sure, but how does any kind of request signing address SQLi?
Replying to @lvh
Actions should be authenticated! Like the whole command should be signed. That often catches bad escaping because it forces a framing, or a semantic check, or in cases like a financial TX, a user check.
Replying to @colmmacc
To summarize, just to make sure I understand: you're saying that the typical canonicalization style stuff I do to a request before signing the request is likely to prevent SQLi?
Replying to @lvh
Often! Like if you look at HTTP for example, request level signatures usually block the same kinds of attack because the first request ends up malformed and mismatching. Doesn't work if you do it at a proxy layer though.
Replying to @colmmacc
By "same kind of attack" you mean, like header injection?
Yep, request smuggling through broken header validation.
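The exchange above, as an added worked example that is not part of the thread and not code from either participant. It models the two designs under discussion: a connection-level ("mTLS-style") check that blesses every request parsed from an authenticated stream, and a request-level HMAC signature over a canonical form of each request. A header value is written without escaping, which is the "forgot to escape a parameter" bug; when that value carries CRLFs, a naive HTTP/1.1 parser sees two requests. The channel model accepts both, while the request-signing model rejects both, because the first request no longer matches what the client signed and the second never had a valid signature. The shared key, the header names, the hostname and the injected value are all constructed for the example.

```python
import hashlib
import hmac

# Constructed shared key standing in for a per-client credential (assumption).
SHARED_KEY = b"example-shared-key"

# Constructed header values: a benign one, and one carrying CRLFs that a
# naive serializer will write straight into the stream.
BENIGN_TAG = "alice"
INJECTED_TAG = "alice\r\nContent-Length: 0\r\n\r\nDELETE /admin HTTP/1.1\r\nHost: api.example"


def canonical(method, path, headers, body):
    """Canonical request string both sides compute from the parsed request:
    method, path, lowercased sorted headers (excluding the signature itself),
    and a hash of the body."""
    lines = [method.upper(), path]
    for name in sorted(headers, key=str.lower):
        if name.lower() == "x-signature":
            continue
        lines.append(f"{name.lower()}:{headers[name].strip()}")
    lines.append(hashlib.sha256(body).hexdigest())
    return "\n".join(lines).encode()


def sign(method, path, headers, body):
    return hmac.new(SHARED_KEY, canonical(method, path, headers, body), hashlib.sha256).hexdigest()


def serialize(method, path, headers, body):
    """Write the request out with NO escaping of header values: this is the
    bug that turns one request into two on the wire."""
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


def client_request(method, path, user_tag, body, sign_it):
    """Build one client request; if sign_it, attach a signature over the
    canonical form the client believes it is sending."""
    headers = {"Host": "api.example", "X-User-Tag": user_tag, "Content-Length": str(len(body))}
    if sign_it:
        headers["X-Signature"] = sign(method, path, headers, body)
    return serialize(method, path, headers, body)


def parse_stream(raw):
    """Split a byte stream into (method, path, headers, body) the way a naive
    HTTP/1.1 parser does: request line, headers up to the blank line, then
    Content-Length bytes of body, repeated until the stream is consumed."""
    requests, pos = [], 0
    while pos < len(raw):
        end = raw.index(b"\r\n\r\n", pos)
        request_line, *header_lines = raw[pos:end].decode().split("\r\n")
        method, path, _version = request_line.split(" ")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        length = int(headers.get("Content-Length", "0"))
        body_start = end + 4
        requests.append((method, path, headers, raw[body_start:body_start + length]))
        pos = body_start + length
    return requests


def channel_auth_server(stream, peer_verified=True):
    """Connection-level model: identity was checked once when the channel
    came up, so every request parsed from it is treated as the peer's."""
    if not peer_verified:
        return []
    return [(m, p) for m, p, _h, _b in parse_stream(stream)]


def signed_request_server(stream):
    """Request-level model: each request must carry a signature matching the
    canonical form the server reconstructs from what it actually parsed."""
    accepted, rejected = [], []
    for method, path, headers, body in parse_stream(stream):
        presented = headers.get("X-Signature", "")
        expected = sign(method, path, headers, body)
        ok = bool(presented) and hmac.compare_digest(presented, expected)
        (accepted if ok else rejected).append((method, path))
    return accepted, rejected


if __name__ == "__main__":
    smuggled = client_request("POST", "/api", INJECTED_TAG, b"hello", sign_it=True)
    print("channel auth accepts:", channel_auth_server(smuggled))
    print("request signing (accepted, rejected):", signed_request_server(smuggled))
    clean = client_request("POST", "/api", BENIGN_TAG, b"hello", sign_it=True)
    print("benign request under signing:", signed_request_server(clean))
```

The point of the canonical form is that the server recomputes it from the bytes it really parsed, not from what the client meant to send, so any framing disagreement between the two surfaces as a signature mismatch. This also illustrates the proxy caveat from the thread: if the signature were computed by a proxy after the stream had already been split, each of the two requests would be signed as parsed and both would verify.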