It would be a very nifty to add the possibility to check the certification of the NNTP Server when communicating via SSL.
As you know, encryption without verification of the X.509 certificate doesn't secure you from man-in-the-middle attacks.
AFAIK, PyOpenSSL provides methods to verify certificates, so it shouldn't be that hard to implement it.
My suggestion is to add a per server configuration option for a certificate obtained from the server (e.g.
by saving it from firefox). When the verification fails, nothing should be downloaded.
Verification of the NNTP Server's SSL Certificate
Re: Verification of the NNTP Server's SSL Certificate
You assume that all providers have valid certificates?
BTW the intention of SSL for NNTP is:
- Prevent sending passwords in the clear
- Prevent traffic shaping by ISP
Our intention was to provide encryption and not authentication.
I'm not sure it's actually worth the effort to cover authentication as well.
Not to mention endless support questions on issues with this.
BTW the intention of SSL for NNTP is:
- Prevent sending passwords in the clear
- Prevent traffic shaping by ISP
Our intention was to provide encryption and not authentication.
I'm not sure it's actually worth the effort to cover authentication as well.
Not to mention endless support questions on issues with this.
Re: Verification of the NNTP Server's SSL Certificate
Thanx for your quick response.
Certificate verification could be optional, of course (so, only when provided).
IMHO encryption without authentication is a somewhat half-hearted solution suggesting
security where an important part in the chain is missing.
I guess, quite some NTTP over SSL users also hope to have security against content inspection.
Man-in-the-middle scenarios are not that uncommon, especially
when you have control of the domain name resolution facitilities (e.g. in intranets)
But please, dont get me wrong, I'm happy that there is actually SSL support and like
your well crafted software quite well.
I agree on potential support issues (as any new features might have).
After all, it was only a feature suggestion to make sabnzbd+ even more outstanding ;-)
Certificate verification could be optional, of course (so, only when provided).
IMHO encryption without authentication is a somewhat half-hearted solution suggesting
security where an important part in the chain is missing.
I guess, quite some NTTP over SSL users also hope to have security against content inspection.
Man-in-the-middle scenarios are not that uncommon, especially
when you have control of the domain name resolution facitilities (e.g. in intranets)
But please, dont get me wrong, I'm happy that there is actually SSL support and like
your well crafted software quite well.
I agree on potential support issues (as any new features might have).
After all, it was only a feature suggestion to make sabnzbd+ even more outstanding ;-)
Re: Verification of the NNTP Server's SSL Certificate
For an expert view on the value of authenticated SSL certificates,
see Bruce Schneier's newsletter.
Look for "Forging SSL Certificates" in:
http://www.schneier.com/crypto-gram-0901.html
see Bruce Schneier's newsletter.
Look for "Forging SSL Certificates" in:
http://www.schneier.com/crypto-gram-0901.html
I'm not sure I agree completely with him, but he's is a respected specialist in this area.But SSL doesn't provide much in the way of security, so breaking it doesn't harm security very much.
Pretty much no one ever verifies SSL certificates, so there's not much attack value in being able to forge them.
Re: Verification of the NNTP Server's SSL Certificate
Yes, I know Bruce Schneier, but I think your quote doesnt fit properly to our discussion here.
The quote simply states that *forging* an SSL certificate (as in the latest attack on MD5 signed certificates
of RapidSSL) is not worth the effort because not many client verifies them. So, its a problem
of the clients not verifying certificates, because if they would, security would be much increased,
and *then* forging an SSL certificate would have some value.
So, first the clients needs to support SSL certificate verification, before an attacker tries to break
the certificate ;-) Without certificate support there is of course no need to forge a certificate.
IMO this is, what Bruce wanted to state.
The quote simply states that *forging* an SSL certificate (as in the latest attack on MD5 signed certificates
of RapidSSL) is not worth the effort because not many client verifies them. So, its a problem
of the clients not verifying certificates, because if they would, security would be much increased,
and *then* forging an SSL certificate would have some value.
So, first the clients needs to support SSL certificate verification, before an attacker tries to break
the certificate ;-) Without certificate support there is of course no need to forge a certificate.
IMO this is, what Bruce wanted to state.