Re: [pkix] How do we differentiate authentic servers from proxies performing TLS interception?

"Tom Gindin" <tgindin@us.ibm.com> Sun, 15 November 2015 22:27 UTC

In-Reply-To: <BY2PR09MB10945A7D32E11E8C5E74750AE120@BY2PR09MB109.namprd09.prod.outlook.com>
To: "Miller, Timothy J." <tmiller@mitre.org>
From: Tom Gindin <tgindin@us.ibm.com>
Date: Sun, 15 Nov 2015 17:27:21 -0500
References: <BY2PR09MB1094EA71ADDC83440AE82F2AE120@BY2PR09MB109.namprd09.prod.outlook.com> <20151112163810.E8F351A368@ld9781.wdf.sap.corp> <BY2PR09MB109B9B70BC1746B516CB335AE120@BY2PR09MB109.namprd09.prod.outlook.com> <CAH8yC8n41uA-Aj3pLKRHgjGu1P6smwG-r-dA595rXHMjhAZC_A@mail.gmail.com> <BY2PR09MB10945A7D32E11E8C5E74750AE120@BY2PR09MB109.namprd09.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/U5zi__SQN9S6DSlFRG76JPZB-yU>
Cc: PKIX <pkix@ietf.org>
Subject: Re: [pkix] How do we differentiate authentic servers from proxies performing TLS interception?

Tim:

One good reason for a separate EKU value for proxies might be to let the client invoke a different name matching algorithm, although I see no case for changing KeyUsage bits here. It is reasonable for a client inside a proxied network to configure a single proxy name + issuer chain that will be accepted in advance.

Making certificates for this purpose distinguishable from ordinary TLS server certificates seems unlikely to encourage the use of such proxies in countries where they are forbidden by law.

Tom Gindin, CISSP
P.S. The opinions above are mine and not necessarily those of my employer.



From:   "Miller, Timothy J." <tmiller@mitre.org>
To:     "noloader@gmail.com" <noloader@gmail.com>
Cc:     PKIX <pkix@ietf.org>
Date:   11/12/2015 03:11 PM
Subject: Re: [pkix] How do we differentiate authentic servers from proxies performing TLS interception?
Sent by: "pkix" <pkix-bounces@ietf.org>



> It seems like that's putting the cart before the horse. Getting the certificate
> bits right is a Security Engineering 101 issue. Have whomever declare their
> intents in advance, and then enforce it. Don't allow certificates to be
> arbitrarily re-purposed or used outside their design parameters.

Nothing about TLS interception is using certs outside their design 
parameters, or re-purposing a cert.  An intercept MitM creates a valid 
cert binding a specific name under a new authority.  Whether that 
authority has the right to claim that name is not something PKIX 
addresses--that's an enrollment problem and is outside the certificate 
specification.

You can't fix trust by twiddling certificate bits.

-- T
_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix
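The client policy Tom Gindin sketches above (a proxy-specific EKU selecting a different name matching rule, with the proxy name and issuer chain configured in advance) can be modelled as a small decision procedure. The following is an added illustration, not code from the thread or from any IETF document: certificates are plain records built here rather than parsed X.509, the issuer "fingerprints" are constructed labels, `PROXY_EKU` is a placeholder OID in the example arc because no such EKU has been assigned, and only `SERVER_AUTH_EKU` is a real identifier. It goes slightly beyond the message by also applying an RFC 6125-style wildcard rule on the ordinary server path, so the two name-matching algorithms can be compared side by side.

```python
"""Model of a client's acceptance policy for origin vs. proxy certificates.

Constructed example. Two paths are distinguished:
  * origin path: id-kp-serverAuth, chain ends in a generally trusted root,
    subjectAltName matched against the requested host (wildcards allowed);
  * proxy path: hypothetical proxy EKU, issuer chain must equal the chain
    pinned in advance, name must equal the configured proxy name exactly.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

SERVER_AUTH_EKU = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth (real OID)
PROXY_EKU = "2.999.1"                  # placeholder in the example arc; hypothetical


@dataclass(frozen=True)
class Certificate:
    """Stand-in for a parsed end-entity certificate (constructed, not X.509)."""
    san_dns: Tuple[str, ...]   # dNSName entries from subjectAltName
    eku: Tuple[str, ...]       # extendedKeyUsage OIDs
    issuers: Tuple[str, ...]   # issuer chain, intermediate..root (constructed labels)


@dataclass(frozen=True)
class ClientPolicy:
    trusted_roots: frozenset                          # roots accepted for origin names
    proxy_name: Optional[str] = None                  # proxy name configured in advance
    proxy_chain: Optional[Tuple[str, ...]] = None     # issuer chain configured in advance


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive, a wildcard only as the whole
    leftmost label, covering exactly one label and leaving two or more."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:           # partial-label wildcards are not honoured
        return False
    return p == h


def evaluate(cert: Certificate, requested_host: str, policy: ClientPolicy):
    """Return (accepted, path, reason) for a presented certificate."""
    if PROXY_EKU in cert.eku:
        # Proxy path: the name rule ignores requested_host entirely and
        # compares against the pre-configured proxy name, no wildcards.
        if policy.proxy_name is None or policy.proxy_chain is None:
            return (False, "proxy", "no proxy configured in advance")
        if tuple(cert.issuers) != tuple(policy.proxy_chain):
            return (False, "proxy", "issuer chain differs from the pinned proxy chain")
        if policy.proxy_name.lower() not in {n.lower() for n in cert.san_dns}:
            return (False, "proxy", "name is not the configured proxy name")
        return (True, "proxy", "pinned proxy")
    # Origin path: ordinary server certificate rules.
    if SERVER_AUTH_EKU not in cert.eku:
        return (False, "origin", "certificate lacks id-kp-serverAuth")
    if not cert.issuers or cert.issuers[-1] not in policy.trusted_roots:
        return (False, "origin", "issuer not trusted for origin names")
    if not any(dns_name_matches(n, requested_host) for n in cert.san_dns):
        return (False, "origin", "no subjectAltName matches the requested host")
    return (True, "origin", "origin server")


# Constructed policy and certificates for the demonstration.
POLICY = ClientPolicy(
    trusted_roots=frozenset({"root-A"}),
    proxy_name="proxy.corp.example",
    proxy_chain=("proxy-intermediate", "proxy-root"),
)
ORIGIN_CERT = Certificate(("www.example.com",), (SERVER_AUTH_EKU,), ("intermediate-A", "root-A"))
WILDCARD_CERT = Certificate(("*.example.com",), (SERVER_AUTH_EKU,), ("intermediate-A", "root-A"))
PROXY_CERT = Certificate(("proxy.corp.example",), (PROXY_EKU,), ("proxy-intermediate", "proxy-root"))
# Classic interception shape: origin name, serverAuth, but issued under the proxy root.
INTERCEPT_CERT = Certificate(("www.example.com",), (SERVER_AUTH_EKU,), ("proxy-intermediate", "proxy-root"))
# Proxy EKU present, but the chain is not the one configured in advance.
ROGUE_PROXY_CERT = Certificate(("proxy.corp.example",), (PROXY_EKU,), ("other-intermediate", "other-root"))


def run_demo(host: str = "www.example.com"):
    """Evaluate every constructed certificate against POLICY for `host`."""
    certs = {
        "origin": ORIGIN_CERT,
        "wildcard": WILDCARD_CERT,
        "proxy": PROXY_CERT,
        "intercept": INTERCEPT_CERT,
        "rogue_proxy": ROGUE_PROXY_CERT,
    }
    return {name: evaluate(cert, host, POLICY) for name, cert in certs.items()}


if __name__ == "__main__":
    for name, (ok, path, why) in run_demo().items():
        print(f"{name:12s} {'ACCEPT' if ok else 'REJECT'} via {path}: {why}")
```

The point of keeping the proxy root out of `trusted_roots` is that a certificate issued under it for an origin name (the `INTERCEPT_CERT` shape) is rejected, while the same issuer is accepted when it presents the proxy EKU with its own configured name; that is what makes the two cases distinguishable to the client rather than to the certificate alone.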