[Patient] Welcome to the PATIENT Mailing List
Brian Witten <brian_witten@symantec.com> Tue, 07 November 2017 00:26 UTC
Return-Path: <brian_witten@symantec.com>
X-Original-To: patient@ietfa.amsl.com
Delivered-To: patient@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D635913FAC5 for <patient@ietfa.amsl.com>; Mon, 6 Nov 2017 16:26:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=symc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lgfY-d0SR9ED for <patient@ietfa.amsl.com>; Mon, 6 Nov 2017 16:26:20 -0800 (PST)
Received: from asbsmtoutape02.symantec.com (asbsmtoutape02.symantec.com [155.64.138.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A70B13FADA for <patient@ietf.org>; Mon, 6 Nov 2017 16:26:17 -0800 (PST)
Received: from asbsmtmtaapi02.symc.symantec.com (asb1-f5-symc-ext-prd-snat7.net.symantec.com [10.90.75.7]) by asbsmtoutape02.symantec.com (Symantec Messaging Gateway) with SMTP id 68.2D.62423.7ADF00A5; Tue, 7 Nov 2017 00:26:16 +0000 (GMT)
X-AuditID: 0a5af81a-bccd09c00000f3d7-fb-5a00fda784d5
Received: from TUSXCHMBXWPI01.SYMC.SYMANTEC.COM (asb1-f5-symc-ext-prd-snat10.net.symantec.com [10.90.75.10]) by asbsmtmtaapi02.symc.symantec.com (Symantec Messaging Gateway) with SMTP id 72.7B.04178.7ADF00A5; Tue, 7 Nov 2017 00:26:15 +0000 (GMT)
Received: from tus3xchcaspin01.SYMC.SYMANTEC.COM (10.44.91.13) by TUSXCHMBXWPI01.SYMC.SYMANTEC.COM (10.44.91.33) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Mon, 6 Nov 2017 16:26:14 -0800
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (10.44.128.5) by tus3xchcaspin01.SYMC.SYMANTEC.COM (10.44.91.13) with Microsoft SMTP Server (TLS) id 15.0.1236.3 via Frontend Transport; Mon, 6 Nov 2017 16:26:14 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symc.onmicrosoft.com; s=selector1-symantec-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+yoJAIRBWoasvWTFxoTDAPYKNPRXfV/2C94AdXDoSn4=; b=kSz8QHBavilwy/rqw0vPEbdokbnHavM3c/YHBWheWw3kO97fs8yVUocSoVYnDEoKosimWo5jolxDW7L8bIr/MzRQD31Zbplv73WUw3SpscgLw1ToSgIBrf0HAli1a0FEtfYexT8pjuJJuULnFYPDx5S5QMU4fFSFsbJDeZGXNJE=
Received: from MWHPR16MB1488.namprd16.prod.outlook.com (10.175.4.146) by MWHPR16MB1485.namprd16.prod.outlook.com (10.175.4.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 00:26:12 +0000
Received: from MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) by MWHPR16MB1488.namprd16.prod.outlook.com ([10.175.4.146]) with mapi id 15.20.0197.017; Tue, 7 Nov 2017 00:26:12 +0000
From: Brian Witten <brian_witten@symantec.com>
To: "patient@ietf.org" <patient@ietf.org>
Thread-Topic: Welcome to the PATIENT Mailing List
Thread-Index: AQHTV175KRCT48IwN0atB4hokUp31g==
Date: Tue, 07 Nov 2017 00:26:12 +0000
Message-ID: <MWHPR16MB148817B4DA4B82B793D44DB493510@MWHPR16MB1488.namprd16.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=brian_witten@symantec.com;
x-originating-ip: [155.64.23.6]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR16MB1485; 6:pCq3OzsGmv1w7CkGV8GvZ0VkMX9G3I0DLIQdr3RpLFidLdduqaDrMOnlxN31W+vF0YPi9kgpoe92SQEIY9Z1jXOg68D18XhrOs/CGo1MUeePUyMYl/8zmWYUQW3SpWuwaemvTJFxF8amuZUSDlIpn4zMg2GyCFdyjvIpRCAx1Hh3wvJH+xxCHKyiFKBtzyIbLMzdJVDvot2aBUhGMOLcdz5a0inbMTA+vd6KwNwrk74r2rsbT2OPGY6hZB/lMnROoKrlE8KKucfXAynf/h1WJ2zb1URmkFXmjXxLppGuLBgLCZk+J7f9SZAWD6vlobRXenfWQ+qsRla7eD6NxY8ffThSRdtaq6oZYyn6rYBEyog=; 5:ViZrvI/ubg5DCsuLKsGqDMVgAX1UsVpd/dwxNvuTABA9v5LKkDH44FcRvr2OKBQd4MeWCdIp8daMntd0KN6oh3LdFGo1YASd2lzq2Jf7u7N+pnU4A2N8LQOUIO8qkOLgDvUh4j3PodEIwmXFeffOO7IXOovtqnRNWIUU75eMIOQ=; 24:A52uj4harXHyMNFnCoZ+qLGrAQXTUBwBNjsQoWlaI6pMSuyTuf4CRQKrcPdaBjHUPwTwAjQkwUfNmr+LRF+Isp8y7OOXb5WJadWgVm9SM8k=; 7:cEatcSaXccHEQqrGhb/EhiyjRXL/UwMXZ1H2ijTlpHIOB1XeoxW/pgkVZ9lSRPzVaytwQyMKwEyBlwY6CVYp2BJ07hYtrtd9/zHiOiPzVda5oF8UPl/QuhJqeFi1Z4187dy2EPgaKxD4341Ox0EI8rzeKU47Fv9wpTBW7QiYreyNF04aGWq3FJRw2z0+CyDZf+Tu2VunuX7Xdm+eAaicFp/t0pphhNJ+6ZgfZ6N2Oq/OPRJ8jtYm6ia5/AD2txiT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 687f5cbd-d05e-44f2-923d-08d525762678
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603249); SRVR:MWHPR16MB1485;
x-ms-traffictypediagnostic: MWHPR16MB1485:
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(100405760836317);
x-microsoft-antispam-prvs: <MWHPR16MB14852B5120DF2887497347C593510@MWHPR16MB1485.namprd16.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3231021)(3002001)(100000703101)(100105400095)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123564025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:MWHPR16MB1485; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:MWHPR16MB1485;
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(199003)(17443002)(189002)(69224002)(54356999)(478600001)(50986999)(10290500003)(413944005)(966005)(3660700001)(97736004)(3280700002)(101416001)(68736007)(2906002)(81166006)(2501003)(316002)(9686003)(2351001)(8936002)(81156014)(25786009)(189998001)(14454004)(33656002)(6306002)(99286004)(53936002)(1730700003)(55016002)(6116002)(8676002)(86362001)(3846002)(102836003)(105586002)(2900100001)(305945005)(7736002)(66066001)(6916009)(7696004)(5640700003)(6506006)(5660300001)(74316002)(77096006)(106356001)(6436002)(9010500006)(223123001); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR16MB1485; H:MWHPR16MB1488.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: symantec.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 687f5cbd-d05e-44f2-923d-08d525762678
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 00:26:12.1941 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 3b217a9b-6c58-428b-b022-5ad741ce2016
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR16MB1485
X-OriginatorOrg: symantec.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTYRTHfd7L9jpbPC4vB02NJUima5YfAtOkDyVkUNiXlmFv+pLi1LF3 ikrBNPP6JcmGBjJveRlZ2oVMInQmkoKGjgjxky5yOu+Zc2jk9r5CXx5+5/z/z3POeTgMqaii Q5icfAOnz2e1SomMkmmuSmO793006ol6dN4xdC4ZpXR07BLXkUZ2IYvT5hRx+jNJd2XZth/v CJ0jtXhwqYwyor6LtciXARwPLT1PUS2SMQq8gaDdNUgdCiNle6SHFdiFoKwxSjB9QWBZ/SYR gkUE3TMWqcdF4RoSerciBaGBgErnICEEIwj+9Ju8b0mwCkb352gPB+BTMNaz4s0fwzHgGJsR 83HgnjpkFbjNv8QKkdC87kYeluN0+G2q8faKcBDsjL8kPEziYJi1mwlhBgwdn6ZIgQPBsfCX FvzpMN67JOYjoK1hViJwGEyb67yfAdgqhfKhalFQwfv6FSTwNTBOWgjB1ISgc9gtCtEw9Oyx +Ht3YLeiRqyQC3Ubr8ULNhqcXcL4gI9D65hV+gSpn//XucBqWJs0kwKfhs7WZS/LsT98bbJT LYiyoBMsf4/PMxQUGlgdpz6r4kvyMj0He7AcmarMgrw3yLserpABZJ9LtSLMIOURuWnHR6Og 2aIDpxUBQyoD5B+iDlLyLLaklNMXZOgLtRxvRaEMpQyWlxZv31Lg+6yBy+U4Hac/VAnGN8SI HrZN2+sWh3XNfGeFMsEW5LQTvhK/qvWcV+75tdCwgE3/ynqVpTwhhnbb/DaJ25uJdKgxPj/Z 1r7KN1zCl+Ww1TXZ3/QiPrbIPH9z7cZe+NuJpOqMB9smu2ugpHk54WSi5WhEoNKp/X6l0T/3 4+dHoyM/+ZRlV3jaQnuffkdJ8dlsXDSp59l/cNwtmxoDAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrFIsWRmVeSWpSXmKPExsXCFeXNpbv8L0OUwcKzFhYvDxg7MHosWfKT KYAxissmJTUnsyy1SN8ugSvjyo0tTAUvfSp2vWpkaWDcYN/FyMkhIWAicbjxDzOILSTwg1Gi cYZ6FyMXkH2EUWLVuwtsEM4LRokVl1exg1SxCHQyS6z9rAKRmMIk0fZmFxOEc5hR4tvGaWCz 2AT0JI7+vcMKYosIaEocX/kWLC4soCPx8vhlqLihxK/zMLaexK/5z6E2qEjM/fCLEcTmFYiR +DKtkwXEZhQQk/h+ag0TiM0sIC5x68l8JogfBCSW7DnPDGGLSrx8/I8Voj5G4tTaV1BxeYlF U26xQdiyEpfmdzOCHC0hcIhdoulAB1RCT2LrxLeMELavRMO5VUwQRTMZJZYd/AWV0JI4MLWV BcKOlfjZ0gm1IVui++N6qIYrrBJvlkO8LyEgI7Hw+CF2CPslq8TPiapdjBzA8EqV2D5DfQKj ziwkD0HYBhLvz81nhrC1JZYtfA1m8woISpyc+YRlASPLKkaFxOKk4tyS3JLExIJMAyO94src ZBCRCEwayXrJ+bmbGMGJ47f4DsZzf3wOMQpwMCrx8H44zBAlxJpYBlR5iFGag0VJnDd7xopI IYH0xJLU7NTUgtSi+KLSnNTiQ4xMHJxSDYxxZ6dWNznnLa34H/12eeB/yzkd7lYf5n30ebVO xOOSqrVNd85Blt5cyXNWiowuN9d3icv+PLzlxjfBuz/mhdYtXfow9K2dasyCHYfmxKf4ruKb 59no8mbivDfKSeHPo/PddzVd+lKqkJyybv0tF6+3r7zqbZrdxOynr2T94PD2AM/Vb20mf7qV WIozEg21mIuKEwGNsANc/QIAAA==
X-CFilter-Loop: ASB03
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/K4SUa5xU3IlrVVJIHOQeLXpLFHQ>
X-Mailman-Approved-At: Mon, 06 Nov 2017 16:31:48 -0800
Subject: [Patient] Welcome to the PATIENT Mailing List
X-BeenThere: patient@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/patient>, <mailto:patient-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/patient/>
List-Post: <mailto:patient@ietf.org>
List-Help: <mailto:patient-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/patient>, <mailto:patient-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 00:26:23 -0000
Dear All, Welcome to the mailing list for Protecting against Attacks Tunneling In Encrypted Network Traffic (PATIENT). We are thrilled to see over half of the world’s web connections encrypted, and we do not want to weaken crypto or TLS in any way. At the same time, half of the world’s attacks are now tunneling through encrypted sessions, and many endpoints need help protecting themselves against these attacks. Often they can only get that help from the network. Fortunately, there are in fact ways for network devices to help protect against the full range of attacks that might be tunneling through encrypted sessions. Still, for endpoints to get such help of course they need to Trust some entity or service in the network to help protect them. That entity or service helping protect them might be operating on their behalf, or on behalf of their employer, or some other entity they choose to trust. However, they have a right to choose who they trust to protect them. For these reasons, we want to collectively engineer a secure multi-party protocol which: (a) Helps each endpoint control which parties and network devices are empowered to decrypt traffic to help protect them, (b) Helps each endpoint see when one of those parties or devices modifies content coming from the other endpoint, such as removing attacks, and see that with a cryptographic audit trail of who changed what where when and why, such as removing attacks, (c) And does all of the above without breaking or weakening any of the cryptography or cryptographic protocols in any way, including not breaking or changing TLS. It is important to consider the “delegated protection” model. In such a model, unauthorized eavesdroppers represent one of at least two crucial threats which must be mitigated. In such a model, the remote endpoint represents another crucial threat which must be mitigated as that remote endpoint might be malicious even though the endpoint of our care wants or needs to communicate with that remote endpoint. This model is surprisingly common today. For instance, server to client web attacks are increasingly common by malicious or compromised websites. Of course, client to server attacks have been common for years. More recently, it’s become increasingly common for servers to surveil and profile clients, a privacy threat compounded by servers collaborating through massive advertising (ad) networks for tracking user activities. Such surveillance through profiling and tracking represents a privacy threat many people would like to see better mitigated. In fact, it is also a privacy threat that can be potentially mitigated by protection services running in the network. In all such cases, it’s reasonable for limited endpoints to choose more powerful network services to protect them against such threats. Fortunately, several starting places exist for protocols to achieve requirements (a), (b), and (c) above. For instance, with some modifications, it would be good to use the Stickler protocol proposed by A. Levy, H. Corrigan-Gibbs, and D. Boneh in conjunction with modified variants of unfortunately named protocols such as mbTLS and/or TLS-RAR. Our vision is for such a protocol to run in parallel to TLS, complimenting it, without modifying or constraining TLS while helping coordinate network protection of endpoints. To do so, such a protocol should also better inform endpoints of the specifics of network devices available for protection, specifics which the endpoint might care about before empowering such network devices by trusting them to help provide such protection. With such valuable research accomplished to date in this space proposing a variety of potential protocols as starting points, it’s important to soon engineer a standardized protocol to meet the rough consensus of the IETF for providing such protection more safely than today’s common practices. Today’s common practices not only fail to meet the three requirements outlined above, but today’s common practices also (1) allow middleboxes to negotiate weaker TLS sessions without advising the endpoint of the risks of the weaker session on the far side of the middlebox, (2) fail to inform the endpoints of how secure the middlebox might or might not be, the manner in which the middlebox itself is safeguarded, and (3) fail to inform the endpoints of the information retention and disclosure policies under which the middlebox is operating. Clearly a better approach is needed, and urgently. Network mediation can play a crucial role in protecting people from the server to client attacks that have been used to unmask the anonymity of dissidents speaking up against repressive regimes, dissidents who were then disappeared after the server to client attacks were used to unmask them by compromising their mobile endpoint. Trustworthy network mediation can play a crucial role in protecting people against such attacks, but today, where endpoints trust middleboxes, there is not yet a standardized protocol for endpoints to understand when those middleboxes are weakening the crypto, changing the content, trusting other middleboxes, and doing other things that might cause the endpoint to not trust the middlebox. Still, engineering such a protocol is not easy. Such protocols would need to address a range of use cases including both real-time and post-facto, along with both wide-area and datacenter use cases. As initial working differentiation of these terms, we’d propose real-time to include blocking of attacks. Post-facto includes both forensic investigation of sophisticated attacks and also audit compliance aka out-of-band decryption. Wide-area use cases include shared networks where the device or entity helping provide protection is only reached across a network operated by and/or shared with other untrusted parties. The datacenter use case includes networks adjacent to the endpoint and owned by the same party as owning the endpoint. In engineering such a protocol, it’s important to respect fundamental principles of end-to-end encryption and, at times, similar end-to-end flexibility in route optimization. On end-to-end encryption, some of the approaches that have been proposed include leveraging the symmetric key determined strictly between the server and client, and then having the endpoint share that symmetric key only with a network device or service which it trusts to help with protection against the remote endpoint. In addition to preserving end-to-end encryption and accelerating deployment of stronger crypto, it’s also important to preserve end-to-end flexibility in routing whenever possible. Currently, for attacks tunneling through encrypted network sessions, network based protection is often provided through proxies and the like either embedded in network gateways or datacenters hosting personal-VPN type cloud based services through which all of a client’s traffic is routed. However, longer term, such protection could be achieved by having such “protection services” running more flexibly in a distributed manner, in hardware protected enclaves and/or Trusted Execution Environments migrating the functionality among Software Defined Networking (SDN) and/or Network Function Virtualization (NFV) enabled equipment. >From discussions within not only IETF participants, but also people engaged in related discussions in IEEE, UN/ITU, ETSI, and others in this area eager to participate in an IETF process in this area, we believe that there is a critical mass of participants willing to work on the problem (e.g., write drafts, review drafts, etc.) for meeting requirements (a), (b), and (c) described above. Many of us personally believe that the IETF is the right best place for such work for countless reasons. We are of course very familiar with previous attempts within the IETF, including Explicitly Trusted Proxy and TLS Proxy server among others. https://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01 https://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-01 We are also aware of the need for coordination of such work not only with the TLS working group, but also DPRIVE, QUIC, I2NSF, and other IETF efforts, and we believe that an independent WG could be more helpful than trying to do all of this work in any existing working group such as the TLS WG, particularly since the best solution might be a new protocol that compliments TLS, running in conjunction with TLS, without extending, changing, refining, or breaking it, or any other existing protocols already so important to security and proper functioning of the network. In that the world has already seen anonymous dissidents disappeared after what many would consider repressive regimes used sophisticated server-to-client attacks to unmask their anonymity, I believe that we need a world where both (1) the connections are secure a la great TLS, and (2) the traffic is safe to receive, as vetted by something or someone the endpoint chooses for protection against remote endpoints. In that context, we are deeply grateful that IETF has allowed creation of this mailing list for discussion of these important topics. Please let me know anything that I can do to help you or the IETF on this. With My Deepest Thanks For All That You Do For The IETF, And For The World Through The IETF, Brian
- [Patient] Welcome to the PATIENT Mailing List Brian Witten
- [Patient] Announcing the PATIENT meeting in Singa… Brian Witten
- Re: [Patient] [EXT] Slides from the PATIENT meeti… Brian Witten
- [Patient] Slides from the PATIENT meeting in Sing… Brian Witten
- Re: [Patient] [EXT] Slides from the PATIENT meeti… Brian Witten
- Re: [Patient] Slides from the PATIENT meeting in … Paul Wouters
- Re: [Patient] [EXT] Re: Slides from the PATIENT m… Brian Witten
- [Patient] Slides from the PATIENT meeting in Sing… Brian Witten
- [Patient] PATIENT webex Thursday 9am Pacific Brian Witten