Re: [Patient] [saag] Internet Draft posted as requested -
Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 18 December 2017 17:08 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: patient@ietfa.amsl.com
Delivered-To: patient@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCABE126CBF; Mon, 18 Dec 2017 09:08:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.411
X-Spam-Level:
X-Spam-Status: No, score=-2.411 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sh-aKbVO4JFf; Mon, 18 Dec 2017 09:08:07 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D7421243F3; Mon, 18 Dec 2017 09:08:06 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D0E50BE47; Mon, 18 Dec 2017 17:08:04 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZBfc7RMPkHI; Mon, 18 Dec 2017 17:08:04 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8B238BE3E; Mon, 18 Dec 2017 17:08:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1513616884; bh=Ukmn9wOAkvtprFwgHxIi+uBz0v3Gp39BfrgPcKPpQ2g=; h=Subject:To:References:From:Date:In-Reply-To:From; b=jCeH+Qa1vn20rUB3QiHh+T2xA/jWVb5Tz1+BdbhSiTVDNJFga7Fynw3K15Fynt2FR 5XOSK7MJ0d/AWNfrzCtu/7P2n5axFk461sRhPmJOz6MMKDG0ps8VAFlrcVWya9iAoS xUfCKwqdIaIj7LQt6d42cq1f15mFdTH5LGCGwGUU=
To: "Black, David" <David.Black@dell.com>, "patient@ietf.org" <patient@ietf.org>, "saag@ietf.org" <saag@ietf.org>
References: <MWHPR16MB14881688FE400E3277CA8A9393310@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14889BEE3EB0ED5F328D7C3993370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14889B7535153E5844649CA393370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB14880A12D15AC58FDD5CEC8793370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488D43F3B53BC7BBE9D836593370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488853B0E4F7BB8E557288D93370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB148845FB069D03625BC399B193370@MWHPR16MB1488.namprd16.prod.outlook.com> <MWHPR16MB1488848D7AC828EBB8DA90B093350@MWHPR16MB1488.namprd16.prod.outlook.com> <DM5PR16MB148477E1FAA4C210A3B013F7930A0@DM5PR16MB1484.namprd16.prod.outlook.com> <dfdb52ca-81ae-50b7-cd5f-e256b5cb047d@cs.tcd.ie> <AF4C62E0-61AB-45DB-B3E6-56AB67A1070A@telefonica.com> <d47e82af-5c6f-9be5-4226-4d6713701148@cs.tcd.ie> <CE03DB3D7B45C245BCA0D243277949362FE1ED76@MX307CL04.corp.emc.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <19005081-c8fc-8090-d6f6-ab61855db793@cs.tcd.ie>
Date: Mon, 18 Dec 2017 17:08:03 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362FE1ED76@MX307CL04.corp.emc.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="SGkxLwexk48haP6KgH2pUKadSVEkU1kgv"
Archived-At: <https://mailarchive.ietf.org/arch/msg/patient/e7cm3gmMNPE-RmDwdUQrQdegnr0>
Subject: Re: [Patient] [saag] Internet Draft posted as requested -
X-BeenThere: patient@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Protecting against Attacks Tunneling In Encrypted Network Tunnels <patient.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/patient>, <mailto:patient-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/patient/>
List-Post: <mailto:patient@ietf.org>
List-Help: <mailto:patient-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/patient>, <mailto:patient-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Dec 2017 17:08:10 -0000
Hi David, On 18/12/17 16:18, Black, David wrote: >> I generally disagree with some of your earlier points where you >> disagree with me:-) I do agree that there are hard problems with >> updates and bugs in general for endpoints and devices in the >> middle. I don't agree that breaking TLS or HTTPs is a viable way to >> improve that, It'd make it worse. > > If "breaking" is defined as "MITM-ing connections without any form of > knowledge or authorization by the endpoint," then I would agree that > "breaking TLS or HTTPS" is a bad idea. Even with supposed "knowledge" (see the number 269 below), cookies and other bearer tokens mean that so-called visibility is the same as allowing impersonation unless one doesn't actually ever apply the mitm technology to the web. The chances of that seem to be zero to me. And of course, many of the so-called "visibility" schemes, immediately do allow for endpoint impersonation for everything and not just bearer-token situations, whenever the middlebox so chooses, regardless of the language used to describe those schemes. Which brings us back to them being no better than the current ickky corporate mitm root-ca stuff. > >> But rather than repeat things I've said to you in person before, >> for this threat, maybe it is work saying that the proponent here >> claimed to be interested in a new multiparty security protocol (in >> the mailing list description) which could have been a worthy, if >> unlikely to succeed endeavour. > > +1 on worthy, no comment on likelihood of success. My guess is that success would require there being some application that wanted to use the putative multiparty protocol. I'm sure there might be some such application but I've no idea if there's one that would justify the effort. And of course, it'd be a first-order requirement that that putative new protocol not be confusable with https or tls, or else it'd inherit all the downsides and reasons to not use that protocol for any application that can use https or tls, and that ever needs to be secure against mitm attack. (Which is why I think success there isn't really likely.) > >> In Singapore, I concluded that they are primarily or maybe only >> interested in the web as used by people and in mitm'ing that. So >> personally I think the separate mailing list would be better closed >> down as it seems to have been started on the basis of some >> confusion wrt folks' goals. > > Also, no comment on people's intents, My comment was about my own conclusion. > but I do want to respond to one > of Stephen's earlier remarks ..> >> Just for a laugh, I loaded [2] in a default setup browser >> (chromium). Among the 269 http requests that caused was [3]. Are >> you (Brian) seriously trying to claim that you actually believe >> that a random person can sensibly decide 269 times if >> 2001:db8::bad:1dea ought be allowed to mitm that connection? > > A person (random or otherwise) - of course not That is the exact claim to which I was responding and is, as you note, nonsense. None of this mitm stuff is really about giving users control of anything. > ... however ... a > community or otherwise maintained blacklist or whitelist is > plausible, although that does require both that the involved > middleboxes to have stable visible identities, and that there be a > viable community or other maintenance organization for the list or > lists. > > A blacklist approach seems reasonably effective in other domains - > for examples, try these links: https://adblockplus.org/subscriptions > https://filterlists.com/ IIUC, those kinds of service are aimed at allowing endpoints to decide to just not send http requests. I don't see that they are particularly relevant to this discussion, but I don't know details of any middlebox-oriented services like that. (That's one reason I asked for evidence of efficacy.) It's also worth noting that for mail, where MTAs are a good example of known and fairly well-identified servers, we have decades of history of MTA inspection of cleartext missing lots of "bad" content, and of variously good and less good blocklists. If the proponents of these mitm schemes honestly and openly faced up to such issues and argued for another decades-long arms-race and acknowledged the downsides (e.g. assisting censorship, breaking all sorts of application assumptions, and enabling pervasive monitoring) of mitm'ing https and/or tls then that at least would be credible. It'd still be a bad plan, but at least one for which we could discuss the technical (de)merits and not have to deal with the nonsense claims such at the one we both noted above. Cheers, S. > > Thanks, --David > >> -----Original Message----- From: saag >> [mailto:saag-bounces@ietf.org] On Behalf Of Stephen Farrell Sent: >> Sunday, December 17, 2017 7:24 PM To: Diego R. Lopez >> <diego.r.lopez@telefonica.com>; Brian Witten >> <brian_witten@symantec.com>; patient@ietf.org; saag@ietf.org >> Subject: Re: [saag] [Patient] Internet Draft posted as requested - >> >> >> Diego, >> >> I generally disagree with some of your earlier points where you >> disagree with me:-) I do agree that there are hard problems with >> updates and bugs in general for endpoints and devices in the >> middle. I don't agree that breaking TLS or HTTPs is a viable way to >> improve that, It'd make it worse. But rather than repeat things >> I've said to you in person before, for this threat, maybe it is >> work saying that the proponent here claimed to be interested in a >> new multiparty security protocol (in the mailing list description) >> which could have been a worthy, if unlikely to succeed endeavour. >> In Singapore, I concluded that they are primarily or maybe only >> interested in the web as used by people and in mitm'ing that. So >> personally I think the separate mailing list would be better closed >> down as it seems to have been started on the basis of some >> confusion wrt folks' goals. >> >> On 17/12/17 23:19, Diego R. Lopez wrote: >>> >>> I am afraid I don’t follow you here… What do you mean by “random >>> name/address that claims to be “good””? Given there are >>> appropriate roots of trust, how is this “random” trust different >>> from the certificate verification process in TLS? >> The difference in the above context is the the proponents here want >> TTPs that tell lies all the time, and that are so wide-spread and >> not well-known that they appear to the endpoints indistinguishable >> from a random router. The public Web PKI TTPs we have are far from >> perfect but at least they don't do that so far. >> >> There also appears to be some magical thinking that allows some >> proponents to say that they think these new lies can benefit the >> user and give the user more control. I have no clue how that can >> reflect a genuine technical opinion. >> >> S. >> >
- [Patient] Internet Draft posted as requested - Brian Witten
- Re: [Patient] [EXT] Internet Draft posted as requ… Mingliang Pei
- Re: [Patient] Internet Draft posted as requested - Bret Jordan
- Re: [Patient] Internet Draft posted as requested … Paul Wouters
- Re: [Patient] [saag] Internet Draft posted as req… Peter Gutmann
- Re: [Patient] [saag] Internet Draft posted as req… Stephen Farrell
- Re: [Patient] Internet Draft posted as requested - Brian Witten
- Re: [Patient] Internet Draft posted as requested - Paul Wouters
- Re: [Patient] [EXT] Re: Internet Draft posted as … Brian Witten
- Re: [Patient] Internet Draft posted as requested - Black, David
- Re: [Patient] [EXT] RE: Internet Draft posted as … Brian Witten
- Re: [Patient] Internet Draft posted as requested - Bret Jordan
- Re: [Patient] [saag] Internet Draft posted as req… Stephen Farrell
- Re: [Patient] [saag] Internet Draft posted as req… Diego R. Lopez
- Re: [Patient] [saag] Internet Draft posted as req… Stephen Farrell
- Re: [Patient] [saag] Internet Draft posted as req… Black, David
- Re: [Patient] [saag] Internet Draft posted as req… Stephen Farrell
- Re: [Patient] [EXT] Re: [saag] Internet Draft pos… Brian Witten
- Re: [Patient] [saag] Internet Draft posted as req… Paul Wouters
- Re: [Patient] [saag] Internet Draft posted as req… Melinda Shore
- Re: [Patient] [EXT] Re: [saag] Internet Draft pos… Brian Witten
- Re: [Patient] [saag] Internet Draft posted as req… Diego R. Lopez
- Re: [Patient] [saag] Internet Draft posted as req… Bret Jordan
- Re: [Patient] [EXT] Re: [saag] Internet Draft pos… Mark Kennedy
- Re: [Patient] [saag] Internet Draft posted as req… Melinda Shore
- Re: [Patient] [saag] Internet Draft posted as req… Roland Zink
- Re: [Patient] Internet Draft posted as requested - Roland Zink
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Tero Kivinen
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Black, David
- Re: [Patient] [saag] Internet Draft posted as req… Bret Jordan
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Tero Kivinen
- Re: [Patient] [EXT] Re: [saag] Internet Draft pos… Stephen Farrell
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Peter Gutmann
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Michael Richardson
- Re: [Patient] [saag] [EXT] Re: Internet Draft pos… Michael Richardson
- [Patient] the IETF participant choice Tony Rutkowski
- Re: [Patient] the IETF participant choice Ted Lemon
- Re: [Patient] the IETF participant choice Tony Rutkowski
- Re: [Patient] the IETF participant choice Ted Lemon
- Re: [Patient] the IETF participant choice Tony Rutkowski
- Re: [Patient] [EXT] Re: the IETF participant choi… Brian Witten
- Re: [Patient] the IETF participant choice Benjamin Kaduk
- Re: [Patient] the IETF participant choice Eggert, Lars
- Re: [Patient] the IETF participant choice Tony Rutkowski
- Re: [Patient] [EXT] Re: the IETF participant choi… Tony Rutkowski
- Re: [Patient] [EXT] Re: the IETF participant choi… Brian Witten
- Re: [Patient] the IETF participant choice Kathleen Moriarty