IETF Logo Mail Archive

Re: [IAB] Mandatory encryption as part of HTTP2

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 17 November 2013 23:01 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED49211E8208 for <ietf@ietfa.amsl.com>; Sun, 17 Nov 2013 15:01:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.479
X-Spam-Level:
X-Spam-Status: No, score=-102.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KCpisBDcl7AL for <ietf@ietfa.amsl.com>; Sun, 17 Nov 2013 15:01:32 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id F029B11E80E3 for <ietf@ietf.org>; Sun, 17 Nov 2013 15:01:31 -0800 (PST)
Received: from masham-mac.home ([81.164.176.169]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MOOJl-1VnQg33lh7-005nYO for <ietf@ietf.org>; Mon, 18 Nov 2013 00:01:31 +0100
Message-ID: <52894AC9.6020600@gmx.net>
Date: Mon, 18 Nov 2013 00:01:29 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
MIME-Version: 1.0
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Subject: Re: [IAB] Mandatory encryption as part of HTTP2
References: <946B0ADE-F03B-4249-9D74-904C4BF13632@muada.com> <290E20B455C66743BE178C5C84F1240847E5103781@EXMB01CMS.surrey.ac.uk> <CAP+FsNfJ7iP8FZqY=beKE_ZNfiwZYvMcwbU9VUXmD5x4vNg9Kw@mail.gmail.com> <290E20B455C66743BE178C5C84F1240847E5103783@EXMB01CMS.surrey.ac.uk> <52860201.8000001@gmx.net> <3B2983EA-4462-4398-B822-95437C664E2F@muada.com> <13cae6c747eb44eebb2664902df34855@exrad6.ad.rad.co.il> <5286331D.2080409@gmx.net> <9EBA4A37-12F1-4CBB-B416-FF9F8F10CE88@shinkuro.com> <20131116013231.GD16722@thunk.org> <52893F62.3010009@necom830.hpcl.titech.ac.jp> <528941CE.7030203@gmx.net> <52894680.8080505@necom830.hpcl.titech.ac.jp>
In-Reply-To: <52894680.8080505@necom830.hpcl.titech.ac.jp>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:mGFlEaLgSnnNhi0GrEbn9nm2kimlCCIOEzmREFhV6DJOiAVTJzT bmrDrUrpyuJ8hr6cLVwuTawD9qC3RE5D33dVKdiR8sOdsx0kaiNEPWB8ap/APa7jsa7K5Pn 4X9QRJ4q326BcK2w7cOX/YNa8iPNjr5CdkUOIwQcPqJ1gTwqbo/tZYkrgtALwsmHW7aAKme Uo+dKhBT1jnPHt345q7gA==
Cc: Theodore Ts'o <tytso@mit.edu>, "ietf@ietf.org list" <ietf@ietf.org>, iab@iab.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2013 23:01:37 -0000

I am also worried about the developments with the NSA. I guess we are on
the same page there.

The PKI concept by itself does not say how many trust anchors you need
to use at your client. You are complaining about the way how the WebPKI
looks like and how the CA/Browser Forum is handling their business.
Allowing new trust anchors to be added means giving new CAs a chance to
enter the market. Let's say we only have one trust anchor. Would you
like that more? Probably not. I am not saying that there are issues with
the CA/Browser Forum but it is just difficult to pick the right number
of trust anchors in a browser.

One challenge is, of course, nobody trust every CA and the intersection
of what everyone's trusted CA list is the empty set. That may give you
the impression that the PKI model is inadequate and there are, of
course, other models as well that provide different properties (for
example, the AAA model). I am not sure you will find them appropriate
either. Have you had a chance to look at them?

There have been various ideas on how to improve the PKI, and the IAB has
a security program that aims to make some progress in that area. I am
currently working on a draft update of
http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution based
on the feedback I have received. Have you had a chance to look at the
different approaches people had suggested?

Finally, in your threat model, however, the use of a DH will also not
help since you have, as stated, the MITM attack at the ISP.

Ciao
Hannes


Am 17.11.13 23:43, schrieb Masataka Ohta:
> Hannes Tschofenig wrote:
> 
>> I know that it is very popular to bash the PKI system but there are
>> security differences between an anonymous DH and PKI deployment that
>> provides server-side authentication.
> 
> Assuming active MITM attacks both on ISP chains and CA chains,
> what, do you think, are the differences?
> 
> A concrete example is especially welcome.
> 
> Note that we, none US citizens, must expect such attacks, because
> active MITM attacks of NSA on people without US citizenship are,
> under US legislation, even legal.
> 
>> And: Keep in mind that we have various activities in the IETF ongoing
>> that help to improve the security of the PKI.
> 
> As PKI is fundamentally insecure against active attacks, there is
> no point of improving it.
> 
> I do realize stupidity level of IETF, especially on DNSSEC.
> 
> 						Masataka Ohta
>

v2.23.0 | Report a Bug | By Email