Re: [saag] Ubiquitous Encryption: content filtering

Yoav Nir <ynir.ietf@gmail.com> Tue, 23 June 2015 09:20 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/U4t4mnQVrWwQ22KDBRpEDu3_eGw>
Cc: Security Area Advisory Group <saag@ietf.org>

> On Jun 23, 2015, at 11:59 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Thanks for the discussion on this, it's helpful to get this right for documentation purposes.  I'd split out MiTM activities of this sort for enterprises vs. the same done at the service provider level because of employee agreements.  I also choose not to go to many sites from behind a firewall and hope others do too when signaled that there is a certificate mismatch.

I’m not sure if that distinction is meaningful. The technology for interception is the same whether it is used to scan downloaded files for malware or to scan Facebook posts for insufficient appreciation of our Dear Leader.

Employees in a corporate environment are supposedly informed, but corporate computers and devices may come pre-installed with the interception certificate. Even as a conscientious vendor, there is no way I can enforce that corporate IT properly informs the employees. 

Similarly, we’ve seen interception used at service providers at the behest of governments. In some countries devices come pre-installed with the government interception certificate. This makes it transparent to the citizens. Again, it would be nice if citizens at least knew this was happening, but those governments tend to not be “nice”.  At least ISPs don’t have the power to manipulate the endpoints (though in the early days of broadband they would ask you to install a “dialer” - if I were a more suspicious person…), but they do when they work for the government. 

Ideally a solution would reveal the presence of a MITM to both client and server. All solutions discussed thus far can reveal things to the client, but do nothing for the server. I would like to have servers such as financial institutions and medical services be able to enforce a policy where they don’t provide a service through a middlebox. Doing it now requires installing their own client on the user’s machine, which seems to be a trend in mobile, but is not something we should require.

Yoav