Re: [Patient] DOJ first on encryption services

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 03 July 2018 15:10 UTC

In-Reply-To: <CABcZeBOjAMK9kgVvCrfaZDxmk0qH-PX83AkCodkcw9uwhEyJrQ@mail.gmail.com>
References: <02be9028-a8fd-f527-826b-5361de1470ce@yaanatech.co.uk> <F8164D9E-92C2-4440-BD06-6D81852918B8@telefonica.com> <9d71af7a-cdf2-7590-6e12-e3207e2c4736@yaanatech.co.uk> <CABcZeBOyyr44-ED9MMhHtzPuTq-Xt_iYeJKs6vbOUN=Stjc==g@mail.gmail.com> <36dee113-66a5-41cf-4d2c-14b86c70c88a@yaanatech.co.uk> <CABcZeBOjAMK9kgVvCrfaZDxmk0qH-PX83AkCodkcw9uwhEyJrQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 3 Jul 2018 11:09:48 -0400
Message-ID: <CAHbuEH6Q8bQkzSKmLErYKm2usv3oaOV1VbNKyPRz_YrjN6T=3Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tony@yaanatech.co.uk, "patient@ietf.org" <patient@ietf.org>, Brian Witten <brian_witten@symantec.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/7APf5wPqQkO4o7hCMUIFqG2GACA>
Subject: Re: [Patient] DOJ first on encryption services
X-BeenThere: patient@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>

On Sun, Mar 18, 2018 at 9:06 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
> On Sun, Mar 18, 2018 at 12:54 PM, Tony Rutkowski <tony@yaanatech.co.uk>
> wrote:
>>
>> Your point is one that deserves further discussion, Eric - which seems
>> likely to scale rapidly going forward.  It is key.
>>
>> So how does draft-ietf-tls-sni-encryption fit into the argument?
>
>
> As you suggest, SNI encryption is intended to conceal the SNI, which of
> course would make SNI inspection difficult.
>
> My evaluation of the current state of SNI encryption is that given the
> current technical state, it will not see particularly wide deployment, with
> the primary scenario being "at-risk" sites who are subject to censorship who
> either hide behind or co-tenant with sites which are not subject to
> censorship. That probably isn't going to be incredibly common right now. Of
> course, this is regrettable from the perspective of people designing these
> protocols, but I think that's the situation.

EKR posted a draft to encrypt SNI, see:
https://www.ietf.org/mail-archive/web/tls/current/msg26468.html

It targets the CDNs who host most of the web traffic in the US at
least.  The right place to comment on this would be the TLS list of
course, but since proposals are being posted, this is a reality and
needs to be discussed.  Those using SNI need to make sure their use
cases are clear and understood and argue the pros and cons.

Best regards,
Kathleen

>
> -Ekr
>
>> On 18-Mar-18 8:45 AM, Eric Rescorla wrote:
>>
>> On Sun, Mar 18, 2018 at 12:30 PM, Tony Rutkowski <tony@yaanatech.co.uk>
>> wrote:
>>>
>>> Hi Diego,
>>>
>>> It is also worth referencing a relatively recent Lawfare article on the
>>> scaling litigation in the U.S. against those supporting e2e encryption
>>> services or capabilities.
>>>
>>> https://www.lawfareblog.com/did-congress-immunize-twitter-against-lawsuits-supporting-isis
>>>
>>> This litigation trend is also likely to increase the insurance costs of
>>> providers.  Indeed, a provider that supports TLS1.3, QUIC, SNI, etc., may not
>>> even be able to get insurance.  It may be fun and games to play crypto rebel
>>> in venues like the IETF where the risk exposure is minimal, but when it
>>> comes to real world consequences and costs, the equations for providers are
>>> rather different.
>>
>>
>> I think this rather overestimates the degree to which both TLS 1.3 and
>> QUIC change the equation about what a provider is able to determine from
>> traffic inspection. As a practical matter, the primary change from TLS 1.2
>> is that the provider does not get to see the server's certificate, but it
>> does see the SNI. Given that the SNI contains the identity of the server
>> that the client is connected to and that the other identities in the
>> certificate are often whatever the provider decided to co-locate on the same
>> machine, I'm not sure how much information you are really losing.
>>
>> -Ekr
>>
>>>
>>>
>>>
>>> --tony
>>>
>>>
>>> _______________________________________________
>>> PATIENT mailing list
>>> PATIENT@ietf.org
>>> https://www.ietf.org/mailman/listinfo/patient



-- 

Best regards,
Kathleen
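The point made in the quoted exchange, that a TLS 1.3 ClientHello still carries the server name in the clear even though the server's certificate is no longer visible, can be checked directly on the wire format. What follows is an added example, not code from the PATIENT thread, from the SNI-encryption draft, or from any of the participants. It builds a sample ClientHello (constructed input only: a fixed random value, two AES-GCM suites, a made-up hostname) and parses it the way an on-path inspector would, returning the server_name extension and the offered versions. The codepoints are the registered ones from RFC 6066 and RFC 8446 (server_name = 0, supported_versions = 43, handshake type client_hello = 1, content type handshake = 22); the function names are invented for the illustration. A ClientHello with no server_name extension parses to None, which is the view an inspector is left with once the name moves into an encrypted extension as the draft Kathleen links proposes; the example does not implement that draft's encoding.

```python
"""Extract the cleartext SNI from a TLS ClientHello, as a middlebox would.

Added example, not from the PATIENT thread or any IETF draft. The builder
exists only to construct sample input offline; the parser is the point.
"""
import struct

EXT_SERVER_NAME = 0          # RFC 6066
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446
TLS13 = 0x0304
TLS12 = 0x0303


def _u8(n):
    return struct.pack("!B", n)


def _u16(n):
    return struct.pack("!H", n)


def _u24(n):
    return struct.pack("!I", n)[1:]


def build_client_hello(sni=None, versions=(TLS13, TLS12)):
    """Construct a syntactically valid TLS 1.3-style ClientHello record.

    Sample input only: fixed random, no key_share, no signature algorithms.
    A real client sends many more extensions; they do not change the parse.
    """
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")                       # SNI carries A-labels
        entry = _u8(0) + _u16(len(host)) + host          # name_type host_name = 0
        body = _u16(len(entry)) + entry                  # ServerNameList
        exts += _u16(EXT_SERVER_NAME) + _u16(len(body)) + body
    vers = b"".join(_u16(v) for v in versions)
    body = _u8(len(vers)) + vers
    exts += _u16(EXT_SUPPORTED_VERSIONS) + _u16(len(body)) + body
    suites = _u16(0x1301) + _u16(0x1302)                 # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    hello = (_u16(TLS12)                                 # legacy_version
             + b"\x11" * 32                              # random (fixed, sample only)
             + _u8(0)                                    # legacy_session_id: empty
             + _u16(len(suites)) + suites
             + _u8(1) + _u8(0)                           # legacy_compression_methods: [null]
             + _u16(len(exts)) + exts)
    handshake = _u8(1) + _u24(len(hello)) + hello        # HandshakeType client_hello = 1
    return _u8(22) + _u16(TLS12) + _u16(len(handshake)) + handshake  # ContentType handshake = 22


def parse_client_hello(record):
    """Return {'sni': str|None, 'versions': [int, ...]} from one raw TLS record.

    Walks the fixed-position fields, then the extension list. Malformed or
    truncated input raises ValueError rather than returning a guess.
    """
    if len(record) < 5 or record[0] != 22:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                         # skip legacy_version + random
    pos += 1 + body[pos]                                 # legacy_session_id
    if pos + 2 > len(body):
        raise ValueError("truncated cipher_suites")
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    if pos + 1 > len(body):
        raise ValueError("truncated compression_methods")
    pos += 1 + body[pos]                                 # legacy_compression_methods
    result = {"sni": None, "versions": []}
    if pos >= len(body):
        return result                                    # no extensions at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end > len(body):
        raise ValueError("truncated extensions")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if len(data) != elen or pos > end:
            raise ValueError("truncated extension body")
        if etype == EXT_SERVER_NAME and len(data) >= 2:
            list_len = struct.unpack("!H", data[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len and q + 3 <= len(data):
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                name = data[q:q + nlen]
                q += nlen
                if ntype == 0 and result["sni"] is None:
                    result["sni"] = name.decode("ascii", errors="replace")
        elif etype == EXT_SUPPORTED_VERSIONS and len(data) >= 1:
            n = data[0]
            result["versions"] = [struct.unpack("!H", data[1 + i:3 + i])[0]
                                  for i in range(0, min(n, len(data) - 1) - 1, 2)]
    return result


if __name__ == "__main__":
    seen = parse_client_hello(build_client_hello("example.com"))
    print(seen)                                          # SNI visible despite TLS 1.3 being offered
    print(parse_client_hello(build_client_hello(None)))  # what an inspector sees with no server_name
```

The parser only needs the first flight from the client, so it works on a single captured record with no session state, which is exactly why SNI-based inspection is cheap to deploy and why moving the name into an encrypted extension removes it. The `None` case is the co-tenant or encrypted-SNI situation Eric describes: the inspector still sees a ClientHello, just not which of the hosted names it is for.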