Eric Rescorla <e...@rtfm.com> writes:

>if you are running a piece of hardware that cannot upgrade its TLS stack at
>all, you quite likely have a number of serious unpatched vulnerabilities, and
>should reconsider whether it is safe to have that hardware attached to the
>Internet.

Embedded non-upgradeable SCADA devices have some of the most secure TLS implementations I've ever seen:

  Some of the most difficult-to-attack TLS implementations that I've seen are in embedded devices that don't have the memory to run a full TLS implementation or to parse certificates. They understand one key agreement algorithm (Diffie-Hellman), one encryption algorithm (AES), and one hash/MAC algorithm (SHA-2), and nothing else. They don't know how to parse certificates, and laugh at TLS extensions.

  This means that they support over _three_hundred_ fewer cipher suites, fifty fewer key exchange parameter types, sixty fewer extensions, and 100% less certificates and certificate extensions and algorithms than any other implementation, and yet they still interoperate perfectly with all of the major browsers, to which they look like a standard TLS implementation.

  As a convenient side-effect of this, whenever any new attack on TLS comes out it bounces off these implementations because there's nothing there to attack. You can't exploit all of the infinite quirks in the protocol and its dozens of extensions, all of the corner cases, all of the gaps and holes and ambiguities that open up when different protocol features interact, because they're not present in the implementation. Even though these TLS implementations are typically created by embedded systems developers with little to no security experience, they're often more secure than ones written by security experts with years or decades of experience.

Peter.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
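Added illustration, not part of the message above and not code from any device it describes: a C routine showing how a server that knows exactly one cipher suite can vet a TLS 1.2 ClientHello with bounds-checked length walks and never read the extensions block at all. The suite ID 0x0067 is an assumption (the message names only the algorithms), and the function name and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ONLY_SUITE 0x0067u /* assumption: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */

/* Constructed sample ClientHello body (bytes after the handshake header). */
static const uint8_t SAMPLE_HELLO[] = {
    0x03, 0x03,                        /* client_version; random[32] stays 0 */
    [34] = 0x00,                       /* session_id length */
    0x00, 0x06, 0xC0, 0x2F, 0x00, 0x67, 0x00, 0x2F,  /* three offered suites */
    0x01, 0x00,                        /* one compression method: null */
    0x00, 0x04, 0xFF, 0xFF, 0xFF, 0xFF /* extensions block: deliberate junk */
};

/* Returns 1 if the single supported suite and null compression are offered,
 * 0 if they are not, -1 if any length field runs past the buffer. */
int accept_client_hello(const uint8_t *p, size_t len)
{
    size_t off = 2 + 32, n, i;         /* skip client_version and random */
    int suite_ok = 0, null_comp = 0;

    if (len < off + 1) return -1;
    n = p[off++];                      /* session_id length, at most 32 */
    if (n > 32 || len - off < n) return -1;
    off += n;
    if (len - off < 2) return -1;
    n = ((size_t)p[off] << 8) | p[off + 1];      /* cipher_suites length */
    off += 2;
    if (n == 0 || (n & 1) || len - off < n) return -1;
    for (i = 0; i < n; i += 2)
        if ((((unsigned)p[off + i] << 8) | p[off + i + 1]) == ONLY_SUITE)
            suite_ok = 1;
    off += n;
    if (len - off < 1) return -1;
    n = p[off++];                      /* compression_methods length */
    if (n == 0 || len - off < n) return -1;
    for (i = 0; i < n; i++)
        if (p[off + i] == 0) null_comp = 1;
    /* Whatever follows is the extensions block: it is never read. */
    return suite_ok && null_comp;
}

int main(void)
{
    printf("full hello: %d\n", accept_client_hello(SAMPLE_HELLO, sizeof SAMPLE_HELLO));
    printf("truncated:  %d\n", accept_client_hello(SAMPLE_HELLO, 40));
    return 0;
}
```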