Re: Comments on Explicit/Trusted Proxy

Fabian Keil <freebsd-listen@fabiankeil.de> Thu, 02 May 2013 10:24 UTC

Date: Thu, 02 May 2013 12:19:13 +0200
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: ietf-http-wg@w3.org
Message-ID: <20130502121913.1fecbb68@fabiankeil.de>
In-Reply-To: <D6607F77-16B6-4434-82A5-2862615F673C@checkpoint.com>
References: <14A09626-8397-4656-A042-FEFDDD017C9F@mnot.net> <CANmPAYH60+wmeYQAikUd4ps3HdPQSm80TeZbMW37LioBYVj-7A@mail.gmail.com> <CAA4WUYjOPgCse6giEmy3f_MzRTC3K25oAWeAavHnzywc5pL91w@mail.gmail.com> <CANmPAYGr8QDhmLR50UzWYWK_fNYzGbF_P9EN0dOadmL-wQy61g@mail.gmail.com> <CAA4WUYjDoRFwPJNWzRqQHdBbV+DjF0mv8OO4RWTBSmh6=Dcnxw@mail.gmail.com> <CANmPAYEirEfpM6kEuxaM3OF7hsjWu8_Lr0aWfQ+btkEGOH3Vsw@mail.gmail.com> <CAA4WUYjGaZRVm3NtmT5qO3j7QKNZZiX7zBEV-pDhK0VGGSxuUg@mail.gmail.com> <896F1026-30C6-4397-B265-67285BFA9DDA@gmail.com> <517A5A3D.8030600@cs.tcd.ie> <19554DFB-5B05-495A-B006-EE55A32F3C44@gmail.com> <D6607F77-16B6-4434-82A5-2862615F673C@checkpoint.com>
Subject: Re: Comments on Explicit/Trusted Proxy
Archived-At: <http://www.w3.org/mid/20130502121913.1fecbb68@fabiankeil.de>

Yoav Nir <ynir@checkpoint.com> wrote:

> Here's one (I'm a co-author)
> 
> http://tools.ietf.org/html/draft-mcgrew-tls-proxy-server
> 
> One reason this was rejected is that MitM proxies are used for corporate firewalls and national firewalls, so the use case seems to be "Alice wants to post to Twitter trashing president Assad. Mallory who works for the secret police would like to catch her, so he installs a proxy."  The feedback said that if whoever wants the inspection (call them Mallory for now) can configure trust on Alice's client, they might as well install spyware instead. Another idea that was floated was to have the client send the keys to the trusted proxy. That way, the client could send just the encryption key (but not the hash key) so the proxy would be able to decrypt, but not forge. I didn't like that, but I did try to write a draft describing it:
>  
> http://tools.ietf.org/html/draft-nir-tls-keyshare
> 
> I still think this solution is unwieldy.
> 
> Anyway, the TLS WG can re-consider things. NPN was suggested several times. If there is a use case that is not "Mallory wants to see what Alice is telling Bob", a request from this WG would go a long way, regardless of which mechanism is preferred for enabling a trusted proxy.

Another use case is Alice operating both the client(s) and
the trusted proxy.

In this use case the trusted proxy should be able to MITM some,
but not all, requests and the client(s) should be able to verify
and signal this to Alice.

Mallory should not be able to silently MITM anything and
Alice obviously doesn't want to install spyware instead of
configuring a trust relationship, even though she could.

Having a standard for this would be useful for proxies like Privoxy.

Fabian
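The key-share idea in the quoted discussion (the client hands the proxy the encryption key but not the hash key, so the proxy can decrypt but cannot forge) rests on the two keys being independent and on the endpoint still checking the MAC. The Python below is an added example, not code from this thread or from either draft: it derives separate encryption and MAC keys from one secret, seals a record with encrypt-then-MAC, and shows that a party holding only the encryption key can read the record while any alteration is rejected at the endpoint. The HKDF-style expand, the HMAC-SHA256 counter keystream, the record layout and the sample request are constructed stand-ins for the TLS record layer, not a real cipher suite.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
TAG_LEN = 32    # HMAC-SHA256 output
NONCE_LEN = 8   # 64-bit record sequence number used as the nonce


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256, used here to split one secret into a key block."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_record_keys(master_secret: bytes):
    """Split the secret into independent encryption and MAC keys (TLS 1.2 key_block style)."""
    key_block = hkdf_expand(master_secret, b"constructed key block", 64)
    return key_block[:32], key_block[32:]  # (enc_key, mac_key)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for the record cipher: HMAC-SHA256 in counter mode.
    It only models the property 'decryptable with enc_key alone'; it is not a TLS cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), HASH).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one record: nonce || ciphertext || HMAC(mac_key, nonce || ciphertext)."""
    nonce = struct.pack(">Q", seq)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, HASH).digest()
    return nonce + ciphertext + tag


def open_record(enc_key: bytes, mac_key: bytes, record: bytes) -> bytes:
    """Endpoint side: verify the tag with mac_key before decrypting; reject on mismatch."""
    nonce, ciphertext, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed; record rejected")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def proxy_read(enc_key: bytes, record: bytes) -> bytes:
    """Key-share proxy holding only enc_key: it can decrypt for inspection, nothing more."""
    nonce, ciphertext = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demo() -> dict:
    """Run the key split on a constructed record and report what each party can do."""
    master_secret = HASH(b"constructed master secret for the example").digest()
    enc_key, mac_key = derive_record_keys(master_secret)
    request = b"GET /status HTTP/1.1\r\nHost: example.invalid\r\n\r\n"  # constructed sample

    record = seal(enc_key, mac_key, seq=0, plaintext=request)

    # Proxy with enc_key only: inspection works.
    seen_by_proxy = proxy_read(enc_key, record)

    # Endpoint with both keys accepts the untouched record.
    original_accepted = open_record(enc_key, mac_key, record) == request

    # A record altered in transit (one ciphertext byte flipped, tag left as-is because the
    # modifier has no mac_key) fails verification at the endpoint.
    altered = bytearray(record)
    altered[NONCE_LEN] ^= 0x01
    try:
        open_record(enc_key, mac_key, bytes(altered))
        altered_accepted = True
    except ValueError:
        altered_accepted = False

    return {
        "proxy_can_read": seen_by_proxy == request,
        "original_record_accepted": original_accepted,
        "altered_record_accepted": altered_accepted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run directly it prints the three results. The point worth checking in any real design of this kind is the last one: the endpoint must keep verifying with a key the proxy never receives, otherwise "decrypt but not forge" collapses into a full MITM, which is exactly the silent interception the message above wants to rule out.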