Introducing TLS Maturity Model
As part of my job working on SSL Labs, I spend a lot of time helping others improve their TLS security, both directly and indirectlyby developing tools and writing documentation. Over time, I started to notice that deploying TLS securely is getting more complicated, rather than less. One possibility is that, with so much attention on TLS and many potential issues to consider, were losing sight of whats really important.
Thats why I would like to introduce a TLS Maturity Model, a conceptual deployment model that describes a journey toward robust TLS security. The model has five maturity levels.
At level 1, there is chaos. Because you dont have any policies or rules related to TLS, youre leaving your security to chance (e.g., vendor defaults), individuals, and ad-hoc efforts generally. As a result, you dont know what you have or what your security will be. Even if your existing sites have good security, you cant guarantee that your new projects will do equally well. Everyone starts at this level.
Level 2, configuration, concerns itself only with the security of the TLS protocol, ignoring higher protocols. This is the level that we spend most time talking about, but its usually the easiest one to achieve. With modern systems, its largely a matter of server reconfiguration. Older systems might require an upgrade, or, as a last resort, a more secure proxy installed in front of them.
Level 3, application security, is about securing those higher application protocols, avoiding issues that might otherwise compromise the encryption. If were talking about web sites, this level requires avoiding mixing plaintext and encrypted areas in the same application, or within the same page. In other words, the entire application surface must be encrypted. Also, all application cookies must be secure and checked for integrity as they arrive in order to defend against cookie injection attacks.
Level 4, commitment, is about long-term commitment to encryption. For web sites, you achieve this level by activating HTTP Strict Transport Security (HSTS), which is a relatively new standard supported by modern browsers (IE support coming in Windows 10). HSTS enforces a stricter TLS security model and, as a result, defeats SSL stripping attacks and attacks that rely on users clicking-through certificate warnings.
Finally, at level 5, robust security, youre carving out your own private sliver of the PKI cloud to insulate yourself from the PKIs biggest weakness, which is the fact that any CA can issue a certificate for any web site without the owners permission. You do this by deploying public key pinning. In one approach, you restrict which CAs can issue certificates for your web sites. Or, in a more secure case, you effectively approve each certificate individually.
The conceptual simplicity of the TLS Maturity Model enables us to easily understand where we are and what we need to do to improve. As a result, we can focus our attention on what really matters. Although level 5 provides best security, it involves most work and addresses risks that dont exist for most sites. Level 4 is arguably the minimum level that can be called secure, and the level that most organisations should be aiming for.