IETF Logo Mail Archive

Re: [Atlas] Status Update

Russ Housley <housley@vigilsec.com> Fri, 08 June 2018 16:11 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: atlas@ietfa.amsl.com
Delivered-To: atlas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B055130F08 for <atlas@ietfa.amsl.com>; Fri, 8 Jun 2018 09:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWEs7zXT2n2I for <atlas@ietfa.amsl.com>; Fri, 8 Jun 2018 09:11:16 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C53A130F07 for <atlas@ietf.org>; Fri, 8 Jun 2018 09:11:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id F2A68300A47 for <atlas@ietf.org>; Fri, 8 Jun 2018 12:11:13 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id sF5ae90QxBbM for <atlas@ietf.org>; Fri, 8 Jun 2018 12:11:11 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 6C99D300523; Fri, 8 Jun 2018 12:11:11 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CABkgnnWR5TK7=9vbbkSzONsHWiucNJTcGXxVWe9NX3Cg+KEjgg@mail.gmail.com>
Date: Fri, 08 Jun 2018 12:11:16 -0400
Cc: atlas@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <BCA0612F-BA78-49AD-B6C3-48B43E8758DA@vigilsec.com>
References: <VI1PR0801MB2112385E74223CC722B0E2A1FA7B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <CABkgnnWR5TK7=9vbbkSzONsHWiucNJTcGXxVWe9NX3Cg+KEjgg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/PWoexhiwfLBzkKRyoW72q-ZLBJY>
Subject: Re: [Atlas] Status Update
X-BeenThere: atlas@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Application Transport LAyer Security <atlas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atlas>, <mailto:atlas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/atlas/>
List-Post: <mailto:atlas@ietf.org>
List-Help: <mailto:atlas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atlas>, <mailto:atlas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 16:11:20 -0000

In the SAAG session in London, we heard that TCP-AO is not being used.  Sadly, people are still using TCP-MD5.  One thing that TCP-AO offers is the ability to roll from one key to the next without tearing down the TCP connection.  To do that, a table of keys is needed.  I think that the TLS key extraction would be a very sound way to populate the key table automatically.  For example, once per week, TLS could be used to populate daily keys.

Russ


> On Jun 8, 2018, at 9:29 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> It seems to me that there are two things you might explore, almost
> separately here:
> 
> 1. The definition of new transports for the TLS handshake.  The cases
> I've heard described cover a wide variety of cases with heterogeneous
> hops even within the same example.
> 
> This is something we're (still) grappling with in QUIC, but we've
> reached a point now where the working group believes that
> we have a solid solution.  Talking to the people involved there might
> be sensible.  It's ALSO something that the TAPS working group have
> been pondering in a more abstract sense, which suggests that they
> might have some valuable input.
> 
>> From this I've learned that DTLS and TLS are very different beasts.
> TLS relies on ordered delivery of its handshake messages, but doesn't
> really have any deep relationship with its record layer.  In contrast,
> DTLS doesn't have that reliance, but it has a much closer relationship
> with its record layer (at least in DTLS 1.3 - I'm assuming here that
> new work would not entertain the use of anything less than TLS 1.3).
> 
> 2. Then there is the extraction and use of the shared secret that TLS
> negotiates.  For this, we have examples already in DTLS-SRTP, which
> uses an exporter, and the current QUIC (though this will not be true
> in future).  In using these secrets, we can be a lot more flexible,
> and I suspect that anything the group does here will be much easier to
> reason about than the far more complex handshakey piece.
> 
> My impression was that there were two aspects to the concerns from the
> IESG and IAB.
> 
> The I* was looking to see more enthusiasm for the solutions proposed
> here than was demonstrated (both on the list thus far and in the
> presentation that was given).  In particular, the notion that this
> might be used to circumvent blocking of TLS was problematic.  This was
> inferred from the example given in the presentation and alluded to in
> the charter: devices that can't be configured with trust anchors such
> that they could connect through a MitM in the usual fashion, but want
> to connect anyway.
> 
> They seem to also have wanted a more concrete definition of the
> solutions that were being sought.  The charter Hannes describes is a
> little open-ended and having some more clarity about that would be
> good.
> 
> In any case, I think that it would be valuable to ask for some
> side-meeting time in Montreal
> On Fri, Jun 8, 2018 at 1:44 PM Hannes Tschofenig
> <Hannes.Tschofenig@arm.com> wrote:
>> 
>> Hi all,
>> 
>> 
>> 
>> Owen and I submitted another BoF proposal to the IESG based on the feedback from the last IETF meeting.
>> 
>> 
>> 
>> Here is the most recent charter text we came up with:
>> 
>> ---
>> 
>> There are multiple scenarios where clients and servers need to negotiate shared encryption keys and establish secure, authenticated, integrity-protected, end-to-end encrypted sessions at the application layer over untrusted transport. There are a proliferation of transport protocols and mechanisms in use today across web and IoT use cases including, but not limited to, TCP, UDP, IP, Bluetooth and Zigbee. Additionally, network topologies often include middleboxes and proxies that terminate transport layer connections from clients and re-originate new transport layer connections towards the servers. From the clients and servers perspective, these transport layer proxy functions are untrusted and application data must be protected and encrypted, and not exposed to these proxies. There are multiple potential mechanisms that could be considered for negotiation of encryption keys, and establishment of end-to-end encrypted sessions at the application layer between clients and servers, and
>  this working group proposes use of existing (D)TLS protocols and stacks.
>> 
>> 
>> 
>> This working group proposes reuse of (D)TLS at the application layer as a simple and straightforward means of achieving the security and implementation goals. The primary purpose of the working group is to develop specifications defining how (D)TLS can be leveraged at the application layer (i.e. Application Layer TLS or ATLS) to establish end-to-end encrypted sessions over a multitude of different transports.
>> 
>> 
>> 
>> Additionally, during development of ATLS specifications, the working group will consider and address concerns such as:
>> 
>> 
>> 
>> o complex, multi-hop and lossy transport topologies
>> 
>> o (D)TLS record fragmentation at the transport layer
>> 
>> o middlebox operators whose goals include interception of application layer data
>> 
>> 
>> 
>> The working group will engage with other relevant working groups across the Applications and Real-Time Area (art), Security Area (sec) and Transport Area (tsv), and one of the goals of this working group is to explicitly identity all related working groups that must be consulted during ATLS specifications development.
>> 
>> ---
>> 
>> 
>> 
>> There do not seem to be minutes available from the IESG/IAB BoF discussions and how they reached their conclusions. So, we can only report what has been told to us by proxy.
>> 
>> 
>> 
>> In any case, the IESG rejected the BoF proposal.
>> 
>> 
>> 
>> The impression from the IESG was that the Bar BOF in London produced mixed feelings and that there was no activity on the list afterwards.
>> 
>> Another comment was that the required standardization effort is too small to justify the setup of an entire working group.
>> 
>> 
>> 
>> At first, this sounds a bit negative. On the other hand, we have two implementations right now. While they need to be polished I believe this is something we could go forward with.
>> 
>> 
>> 
>> Ciao
>> Hannes
>> 
>> 
>> 
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>> _______________________________________________
>> Atlas mailing list
>> Atlas@ietf.org
>> https://www.ietf.org/mailman/listinfo/atlas
> 
> _______________________________________________
> Atlas mailing list
> Atlas@ietf.org
> https://www.ietf.org/mailman/listinfo/atlas

v2.23.0 | Report a Bug | By Email