IETF Logo Mail Archive

Re: [Atlas] Status Update

Martin Thomson <martin.thomson@gmail.com> Fri, 08 June 2018 13:29 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: atlas@ietfa.amsl.com
Delivered-To: atlas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C5D7130E39 for <atlas@ietfa.amsl.com>; Fri, 8 Jun 2018 06:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qloCnZjXDB7b for <atlas@ietfa.amsl.com>; Fri, 8 Jun 2018 06:29:24 -0700 (PDT)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35E7D130EE6 for <atlas@ietf.org>; Fri, 8 Jun 2018 06:29:24 -0700 (PDT)
Received: by mail-oi0-x22d.google.com with SMTP id 14-v6so11836377oie.3 for <atlas@ietf.org>; Fri, 08 Jun 2018 06:29:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=YIFyAl5jLZi4ioc5xWTxuU6e1bdtPO1+HoJUPp5H8yg=; b=bPID1AEZSqV13gLKo3l3sCK2X0CEYvsPd2VeBe12ID9RnyZeIuY0fUMeRSSqxCq6i0 3OjKcVUZxiipiayNcKrOeQ5kijT33esOTiySaV7r9DkmFQKJmV8WXxdhOdI6rPfHbxMT 3AUIJRauEqEcELt3E4/KavUDi5ZxZT9j5nZYwY4f2oFadh9r0o/6410+yY3C51OdabMo j0X7Zqnv8x0EF8o9P0zwRD4865636CnSuRKwaTxOGuFXdqLKbIQbAxs/UtZqSpheisBG kh7Z+TnRpWfIWY8+6stZbawAS8zqCf65SpRuWPOZDF6YyQR+YvLZi/BdJt99AXgACX4V eNhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=YIFyAl5jLZi4ioc5xWTxuU6e1bdtPO1+HoJUPp5H8yg=; b=HZ460aGiS9qs6cbit73J8tvBcICN+cpFCxiUwzFKyX//X+Ptwdb7tNJ02xsA8Q1EKl 46xaUdqXrepLJdBYEWc64qlc9OjUlscfrxHOOe18vnVoX/i9lC2q199sepxReg5yAXyS ZLkDO5/+ISg01QL4Nrzc3aDICeovzHkfOp4aaRAeq4lEWpopm8cOktAMxye8L6rHYiFR 9xPRuy3SwW95VSY+94axjtBgEO5celXxR9YqnT9faNXPQ+jo9xbdG5P+HKRbZIwpz4Qq bS+LZ5/g7cFLgPIQVI7HfPm8km5SDMhXFwyDeoVVe8EPN9cGnUDCAby8TbF113EgadbU l4TQ==
X-Gm-Message-State: APt69E0SwtElCc21xM8a9qxgNfwE4AMXtDUsM5EqE6CkFmmE5I7j1x+d wAhNL1OwbNFPkXYL6PWA4xs6aWjU+7H6dQVeTMY=
X-Google-Smtp-Source: ADUXVKLTsRAc5gooS3aCbMYN5wRo7xRYYEM3kMAbpWkDGoKe4gi0gJxeCqBtMJgK/kzlbjskyZAltfsqpN040an+B2o=
X-Received: by 2002:aca:ab15:: with SMTP id u21-v6mr3331781oie.272.1528464563364; Fri, 08 Jun 2018 06:29:23 -0700 (PDT)
MIME-Version: 1.0
References: <VI1PR0801MB2112385E74223CC722B0E2A1FA7B0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB2112385E74223CC722B0E2A1FA7B0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 08 Jun 2018 15:29:12 +0200
Message-ID: <CABkgnnWR5TK7=9vbbkSzONsHWiucNJTcGXxVWe9NX3Cg+KEjgg@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: atlas@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/eJphzRjbVqsdCq5JufkL-CemL3U>
Subject: Re: [Atlas] Status Update
X-BeenThere: atlas@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Application Transport LAyer Security <atlas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atlas>, <mailto:atlas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/atlas/>
List-Post: <mailto:atlas@ietf.org>
List-Help: <mailto:atlas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atlas>, <mailto:atlas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 13:29:27 -0000

It seems to me that there are two things you might explore, almost
separately here:

1. The definition of new transports for the TLS handshake.  The cases
I've heard described cover a wide variety of cases with heterogeneous
hops even within the same example.

This is something we're (still) grappling with in QUIC, but we've
reached a point now where the working group believes that
we have a solid solution.  Talking to the people involved there might
be sensible.  It's ALSO something that the TAPS working group have
been pondering in a more abstract sense, which suggests that they
might have some valuable input.

>From this I've learned that DTLS and TLS are very different beasts.
TLS relies on ordered delivery of its handshake messages, but doesn't
really have any deep relationship with its record layer.  In contrast,
DTLS doesn't have that reliance, but it has a much closer relationship
with its record layer (at least in DTLS 1.3 - I'm assuming here that
new work would not entertain the use of anything less than TLS 1.3).

2. Then there is the extraction and use of the shared secret that TLS
negotiates.  For this, we have examples already in DTLS-SRTP, which
uses an exporter, and the current QUIC (though this will not be true
in future).  In using these secrets, we can be a lot more flexible,
and I suspect that anything the group does here will be much easier to
reason about than the far more complex handshakey piece.

My impression was that there were two aspects to the concerns from the
IESG and IAB.

The I* was looking to see more enthusiasm for the solutions proposed
here than was demonstrated (both on the list thus far and in the
presentation that was given).  In particular, the notion that this
might be used to circumvent blocking of TLS was problematic.  This was
inferred from the example given in the presentation and alluded to in
the charter: devices that can't be configured with trust anchors such
that they could connect through a MitM in the usual fashion, but want
to connect anyway.

They seem to also have wanted a more concrete definition of the
solutions that were being sought.  The charter Hannes describes is a
little open-ended and having some more clarity about that would be
good.

In any case, I think that it would be valuable to ask for some
side-meeting time in Montreal
On Fri, Jun 8, 2018 at 1:44 PM Hannes Tschofenig
<Hannes.Tschofenig@arm.com> wrote:
>
> Hi all,
>
>
>
> Owen and I submitted another BoF proposal to the IESG based on the feedback from the last IETF meeting.
>
>
>
> Here is the most recent charter text we came up with:
>
> ---
>
> There are multiple scenarios where clients and servers need to negotiate shared encryption keys and establish secure, authenticated, integrity-protected, end-to-end encrypted sessions at the application layer over untrusted transport. There are a proliferation of transport protocols and mechanisms in use today across web and IoT use cases including, but not limited to, TCP, UDP, IP, Bluetooth and Zigbee. Additionally, network topologies often include middleboxes and proxies that terminate transport layer connections from clients and re-originate new transport layer connections towards the servers. From the clients and servers perspective, these transport layer proxy functions are untrusted and application data must be protected and encrypted, and not exposed to these proxies. There are multiple potential mechanisms that could be considered for negotiation of encryption keys, and establishment of end-to-end encrypted sessions at the application layer between clients and servers, and this working group proposes use of existing (D)TLS protocols and stacks.
>
>
>
> This working group proposes reuse of (D)TLS at the application layer as a simple and straightforward means of achieving the security and implementation goals. The primary purpose of the working group is to develop specifications defining how (D)TLS can be leveraged at the application layer (i.e. Application Layer TLS or ATLS) to establish end-to-end encrypted sessions over a multitude of different transports.
>
>
>
> Additionally, during development of ATLS specifications, the working group will consider and address concerns such as:
>
>
>
> o complex, multi-hop and lossy transport topologies
>
> o (D)TLS record fragmentation at the transport layer
>
> o middlebox operators whose goals include interception of application layer data
>
>
>
> The working group will engage with other relevant working groups across the Applications and Real-Time Area (art), Security Area (sec) and Transport Area (tsv), and one of the goals of this working group is to explicitly identity all related working groups that must be consulted during ATLS specifications development.
>
> ---
>
>
>
> There do not seem to be minutes available from the IESG/IAB BoF discussions and how they reached their conclusions. So, we can only report what has been told to us by proxy.
>
>
>
> In any case, the IESG rejected the BoF proposal.
>
>
>
> The impression from the IESG was that the Bar BOF in London produced mixed feelings and that there was no activity on the list afterwards.
>
> Another comment was that the required standardization effort is too small to justify the setup of an entire working group.
>
>
>
> At first, this sounds a bit negative. On the other hand, we have two implementations right now. While they need to be polished I believe this is something we could go forward with.
>
>
>
> Ciao
> Hannes
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Atlas mailing list
> Atlas@ietf.org
> https://www.ietf.org/mailman/listinfo/atlas

v2.23.0 | Report a Bug | By Email