[perpass] Unauthenticated, ephemeral keying in HTTP/1.0 without TLS
Phillip Hallam-Baker <hallam@gmail.com> Sat, 16 November 2013 21:47 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EE4211E8366 for <perpass@ietfa.amsl.com>; Sat, 16 Nov 2013 13:47:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.256
X-Spam-Level:
X-Spam-Status: No, score=-2.256 tagged_above=-999 required=5 tests=[AWL=-0.257, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_33=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aguoq-7rI2gZ for <perpass@ietfa.amsl.com>; Sat, 16 Nov 2013 13:47:06 -0800 (PST)
Received: from mail-lb0-x233.google.com (mail-lb0-x233.google.com [IPv6:2a00:1450:4010:c04::233]) by ietfa.amsl.com (Postfix) with ESMTP id 811C311E8365 for <perpass@ietf.org>; Sat, 16 Nov 2013 13:47:03 -0800 (PST)
Received: by mail-lb0-f179.google.com with SMTP id l4so1336881lbv.10 for <perpass@ietf.org>; Sat, 16 Nov 2013 13:47:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=JKnWAZBDx3etA8sC//ldqZDeFvxC1tc4RkO6LKfMmTo=; b=y1tHrKg1/vOh1Tv/fhmDtEUBDe3CSQmPwg0YWGMmFNGfpL7mpjtcOoV1sMSTyyFX8t NktexgaRzIfgqLtgTcjlE5/uZ/RYlDw1/9AmlfcXvRMexbLw3wxjrPhVFbELvwO98JrE FjxMQ8iUDrBsTFm1Ua8LN8b4ATAnvXuSkkz8HGLQJ+YvW9hP1wspwE5EDyMKI0sFgVma aou8PuM5+4RxKVPsI1ufqDstZDAb4YMm+lovmQWW6s+DO9YwIX8GKIfPA/V+TPmMycga /yHsyWEGUUFhWtvrwAr3IsaLaLnRQTV73Q9lZbU1IgRPk7ked+vbg60Pf/vTglz5rG9w qh8A==
MIME-Version: 1.0
X-Received: by 10.112.134.71 with SMTP id pi7mr210688lbb.44.1384638422429; Sat, 16 Nov 2013 13:47:02 -0800 (PST)
Received: by 10.112.46.98 with HTTP; Sat, 16 Nov 2013 13:47:02 -0800 (PST)
Date: Sat, 16 Nov 2013 16:47:02 -0500
Message-ID: <CAMm+Lwg-AF9fZ5=f5W8JDmiCe=U7Uyxso_bdHGaQhddsQ+aGaw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: perpass <perpass@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b3a8ca44fb5bb04eb524111"
Subject: [perpass] Unauthenticated, ephemeral keying in HTTP/1.0 without TLS
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Nov 2013 21:47:15 -0000
I have been looking at the minimal requirements for pervasive crypto. I like TLS everywhere with strong authentication. The idea of weakening the authentication requirements further and calling the result TLS worries me a lot. The other problem with TLS everywhere is that it changes the communication model of HTTP. Proxies no longer work for a start. Data can't be cached. Which has me thinking about extending my session continuation proposal to add in an ephemeral DH exchange and content encryption options to provide a very lightweight message layer security scheme. The idea is that MLS could be used with or without authentication and this would be understood from the start. High security applications would eventually use TLS+MLS as a matter of course and authenticate at both levels. MLS is a better place to put in client authentication. In a scaled system I almost always want to terminate my TLS tunnel before the actual Web Service. Stephen F. suggests that I should look to WebCrypto as a basis. Which seems OK, though I might have a different approach to key packaging. Crypto libraries seem to expect keys to be packaged up in BASE64 encoded ASN.1. Is anyone interested in reading/reviewing drafts? Looking to shoot for an experimental at this stage. The objective would be to get to a point where all Web content can be encrypted including very large chunks of static data like video. This would essentially recapitulate the work done on SHTTP and Shen back in the early 90s so there is little IPR risk. -- Website: http://hallambaker.com/
- [perpass] Unauthenticated, ephemeral keying in HT… Phillip Hallam-Baker
- Re: [perpass] Unauthenticated, ephemeral keying i… Brian E Carpenter
- Re: [perpass] Unauthenticated, ephemeral keying i… Ted Lemon
- Re: [perpass] Unauthenticated, ephemeral keying i… Brian E Carpenter
- Re: [perpass] Unauthenticated, ephemeral keying i… Ted Lemon
- Re: [perpass] Unauthenticated, ephemeral keying i… Learmonth, Iain Ross
- Re: [perpass] Unauthenticated, ephemeral keying i… Stephen Farrell
- [perpass] CDNs as wiretaps [Unauthenticated, ephe… Brian E Carpenter
- Re: [perpass] TLS discussion Learmonth, Iain Ross
- Re: [perpass] TLS discussion Stephen Farrell
- Re: [perpass] TLS discussion Phillip Hallam-Baker
- Re: [perpass] TLS discussion Stephen Farrell
- Re: [perpass] CDNs as wiretaps [Unauthenticated, … Eric Burger
- Re: [perpass] CDNs as wiretaps [Unauthenticated, … Learmonth, Iain Ross
- Re: [perpass] CDNs as wiretaps [Unauthenticated, … Stephen Kent