[Lurk] Questions about LURK TLS draft

Jesús Alberto Polo <ietf@jesusalberto.me> Mon, 09 April 2018 08:36 UTC

Return-Path: <ietf@jesusalberto.me>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2235127419 for <lurk@ietfa.amsl.com>; Mon, 9 Apr 2018 01:36:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrU2vNb3Pe0n for <lurk@ietfa.amsl.com>; Mon, 9 Apr 2018 01:36:54 -0700 (PDT)
Received: from fnsib-smtp01.srv.cat (fnsib-smtp01.srv.cat [46.16.60.190]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C047127601 for <lurk@ietf.org>; Mon, 9 Apr 2018 01:36:39 -0700 (PDT)
Received: from [172.20.10.2] (unknown [31.4.118.94]) by fnsib-smtp01.srv.cat (Postfix) with ESMTPSA id 533A98098 for <lurk@ietf.org>; Mon, 9 Apr 2018 10:36:36 +0200 (CEST)
Date: Mon, 9 Apr 2018 10:32:54 +0200
From: =?utf-8?Q?Jes=C3=BAs_Alberto_Polo?= <ietf@jesusalberto.me>
To: lurk@ietf.org
Message-ID: <4af646b5-bcb5-4f71-ae2d-88552e66b270@Spark>
X-Readdle-Message-ID: 4af646b5-bcb5-4f71-ae2d-88552e66b270@Spark
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5acb2611_507ed7ab_264"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/pDlowbTMRWbFOZxWYw3fdV8mK7A>
Subject: [Lurk] Questions about LURK TLS draft
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2018 08:41:33 -0000

Hi,

I’m currently working on an implementation of LURK to be integrated with OpenSSL and NGINX. After having identified all main parts and started the development, I have some questions regarding the LURK extension for (D)TLS 1.1 and 1.2 draft, more specifically for RSA as key exchange method (rsa_master, section 5).

As I understand, the Edge Server (LURK client) only needs the Private Key to decrypt the premaster secret sent by the TLS client. I would like to understand why LURK server computes the master secret instead of only decrypting the premaster secret and letting the Edge Server compute the master secret (since it is terminating the TLS connection). In this way:

1. the LURK server would still protect the private key.
2. it’d be less intrusive for the TLS protocol (the only change is the remote decryption instead of local decryption), it’d have less impact on the OpenSSL code as well.
3. less error handling (however, LURK server would have less control over the cyphers, TLS versions, PRF functions…).
4. the master secret would be locally computed by the TLS server and never sent through the network (that is, even if an attacker compromises the secure connection between LURK client and server and steals the decrypted premaster key, they still need for other values of the TLS connection in the LURK client).

Thank you in advance.

Best regards,

Jesús Alberto