IETF Logo Mail Archive

Re: [saag] Ubiquitous Encryption: content filtering

Nico Williams <nico@cryptonector.com> Mon, 22 June 2015 22:41 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B5721A701D for <saag@ietfa.amsl.com>; Mon, 22 Jun 2015 15:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.034
X-Spam-Level: *
X-Spam-Status: No, score=1.034 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mfDEMFRQw2c4 for <saag@ietfa.amsl.com>; Mon, 22 Jun 2015 15:41:29 -0700 (PDT)
Received: from homiemail-a107.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 3C98A1A6FFB for <saag@ietf.org>; Mon, 22 Jun 2015 15:41:29 -0700 (PDT)
Received: from homiemail-a107.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a107.g.dreamhost.com (Postfix) with ESMTP id DB8112004F4E0; Mon, 22 Jun 2015 15:41:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=AijFMAIizA5hEG x9Om0y7/EfcCM=; b=iOJ1b7+u4Kmzg/2nlzUoJlwz2fQTT94rpZJJR2BBTYCd2k n3CGOv62NsAPXKNdVD2ZiiMxk3uTHbkz5vZ8SJpV7bCOmerKTBAEmhheqmW/Igaq pUvhQYs9RbKlsjHmC+eAKVxzQ/FANfr+LcydnsTow5Nl5I+dc5q45wPZ+Q0gs=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a107.g.dreamhost.com (Postfix) with ESMTPA id 729DA2004F4E7; Mon, 22 Jun 2015 15:41:28 -0700 (PDT)
Date: Mon, 22 Jun 2015 17:41:27 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ted Hardie <ted.ietf@gmail.com>
Message-ID: <20150622224126.GO6117@localhost>
References: <99DC814A-2B7D-4802-A1C7-399E77F37BD7@gsma.com> <CABtrr-U9kLfq4GQbWSgPN=wCD=Cdi0uQ+bQqXj35j+PFtuE8Pg@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F108E070156@VOEXM17W.internal.vodafone.com> <55844743.4030300@cs.tcd.ie> <55886F38.4030906@bbn.com> <20150622211207.GM6117@localhost> <DM2PR0301MB06554ECDB1166C32CF70366CA8A10@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150622214650.GN6117@localhost> <CA+9kkMBqV2aYXLTvA-5Ekd9S5Fqu0JdLTy3ZAdXVfD=X5KZ84A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+9kkMBqV2aYXLTvA-5Ekd9S5Fqu0JdLTy3ZAdXVfD=X5KZ84A@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/QVNeFqFhChx6bPRV99p4mK65ge0>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: content filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 22:41:30 -0000

On Mon, Jun 22, 2015 at 03:13:36PM -0700, Ted Hardie wrote:
> On Mon, Jun 22, 2015 at 2:46 PM, Nico Williams <nico@cryptonector.com>
> wrote:
> > Authorized MITMing is fundamentally a part of any hierarchical
> > distributed, public key authentication system when the user does not
> > have full control of their user agent. We can detect it in some cases
> >
> when it's unwanted, but if it is "authorized" (by the "owner" of the
> > device) then it's going to happen.
> >
> >
> I'm a little confused by the quotes around both authorized and owner in
> the statement above.  If a user has caused her device to use a proxy for a
> specific protocol by configuration, that user has authorized that proxy's
> activities.  If the user has instead initiated flows with the expectation
> that they are going to the named service, rather than a proxy, then any
> monkey in the middle is not authorized by the user.

I used scare quotes because who the owner is, and whether the unwanted
behavior is authorized may not be obvious at first glance.

The user may not be the device's "owner" in some sense.  E.g., the
device may be locked, thus the user may not have permission to remove
MITM CA certs from the device's trust anchors, and so on.  The user may
have paid for the device and think they are the owner, but effectively
they aren't when the device is locked and the vendor and/or operator are
contractually (or otherwise legally) free to insert MITM CA certs into
the device's trust anchor set.

> > Maybe.  I assume many operators are doing this now, so whatever PR
> > problems might result from starting to filter, they are in the past for
> > many operators.
> 
> As others have mentioned, things change when you shift from intercepting
> unencrypted channels to intercepting encrypted ones, as you are making a
> much larger effort to impersonate the service.  That may be a difference of
> degree, but it looks like a difference in kind.

No doubt!  And I don't disagree.  I was merely pointing out facts.
(Namely: the operators are barking up the wrong tree; they already have
the protocol features that they need and are merely [perhaps] missing
the tools and/or legal framework to do what they think they are being
required to do.)

In any case, I agree with Stephen F. that regulated operators aren't
likely to get more than they already have because the IETF shouldn't be
catering to these needs for all the reasons that Stephen alluded to.
(Among others: regulations in different localities may conflict in such
a way as to leave the IETF with no clear way forward to satisfy them
all.)

Nico
--

v2.23.0 | Report a Bug | By Email