How about employing TLS for private DBus connections ? (Re: dbus insecure over secure TCP?

Daniel P. Berrange dan at berrange.com
Wed Aug 22 15:08:59 UTC 2018


On Wed, Aug 22, 2018 at 03:56:25PM +0100, Simon McVittie wrote:
> On Mon, 16 Jul 2018 at 17:22:38 +0200, rony wrote:
> > Whether a handshaking protocol is needed and/or the local path to an accessible
> > certificate (keystore) file on the server and the client machine must be
> > supplied, would depend on such an implementation.
> 
> Trust management is a huge part of deploying TLS: if you don't have a
> way to validate the certificate presented by the other peer, then you're
> trivially vulnerable to active (man-in-the-middle) attacks. What does it
> mean for a certificate to be valid for a particular D-Bus server address?
> Which certificate authorities' signatures are acceptable? These are
> really quite fundamental questions, and you can't hope to interoperate
> without agreeing on answers. These are also questions that I am not able
> to spend time answering.
> 
> (There is also an implementation issue here: libdbus theoretically
> supports SASL mechanisms in which the bytes sent by the application are
> modified by a lower layer (e.g. encrypted or authenticated), but none of
> the mechanisms we currently have make use of that feature, so it has
> never been tested and probably doesn't actually work.)

The GSSAPI (Kerberos v5) mechanism is the only SASL mechanism providing
encryption that can be claimed to be secure by modern cryptographic
standards. The other SASL mechanisms providing encryption are simply too
weak / broken by design. There appears to be no interest in developing
new SASL mechanisms with encryption, as that is essentially reinventing
TLS. IOW for TCP sockets, SASL should essentially always be layered over
a TLS connection. IMHO it's not even worth trying to use the GSSAPI mech
for encryption, as that's just creating an alternative codepath that will
rarely be tested. Better just to always use TLS+SASL together on TCP and
have a single codepath.

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|