IETF Logo Mail Archive

Re: [saag] Ubiquitous Encryption: content filtering

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 23 June 2015 09:48 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C50E1AC40B for <saag@ietfa.amsl.com>; Tue, 23 Jun 2015 02:48:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OyoGEAZmIi8U for <saag@ietfa.amsl.com>; Tue, 23 Jun 2015 02:48:46 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6F31AC405 for <saag@ietf.org>; Tue, 23 Jun 2015 02:48:45 -0700 (PDT)
Received: by wiga1 with SMTP id a1so100854282wig.0 for <saag@ietf.org>; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MIG4iBuxUN6if6MivfXk6jc089pvYjHQ+KZr5uDDAUg=; b=M+yXSYYW0ZkUjYLMhuCnBkVPKlOBb0stcawx5AfZjJ+vcdu05BiTtVXH54tghCMaqS H6OYwfz74KSQocPpx8MQIfFNkdMRoHxpoa5pRMtTQMIiGE8m3iE7jr8vU6I+yZ8VViQ1 Cw2yh6kG3jGMJkL9h+cD1X+B6nRMx0oDXt+LZcznLdYcm1VwB7yuAiVPPEGF09QBqPJL 2QG0nSdkF/j59O5Ft1vmkT3mjyR4d9HxDR1cXQMF1immXhmQuMh3K0PMgeaCoG3SYHso lBHFsrk4HFep+/qKuMBg8EO47CiaYg3v9wxGUonEXGVJzwZ5bZ2UMgEK8DZ/iVyobzP5 9HmQ==
MIME-Version: 1.0
X-Received: by 10.180.86.73 with SMTP id n9mr1789238wiz.78.1435052924373; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
Received: by 10.28.188.134 with HTTP; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
In-Reply-To: <627A7DEB-9BD0-46FA-A4D8-BB448C2BCB16@gmail.com>
References: <99DC814A-2B7D-4802-A1C7-399E77F37BD7@gsma.com> <CABtrr-U9kLfq4GQbWSgPN=wCD=Cdi0uQ+bQqXj35j+PFtuE8Pg@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F108E070156@VOEXM17W.internal.vodafone.com> <55844743.4030300@cs.tcd.ie> <55886F38.4030906@bbn.com> <20150622211207.GM6117@localhost> <DM2PR0301MB06554ECDB1166C32CF70366CA8A10@DM2PR0301MB0655.namprd03.prod.outlook.com> <CA+cU71ksYZpzg_7jX1xz3aqg-ZVMC-22hCevATrgmHj3h5bVrA@mail.gmail.com> <DE85F7A6-A8F6-48FA-8AAA-EF8ECE17B73E@gsma.com> <CAHbuEH4Rp4DQCRJiED3vKRco8+boLzpZqnp5OZPhhsLuxP7G9g@mail.gmail.com> <627A7DEB-9BD0-46FA-A4D8-BB448C2BCB16@gmail.com>
Date: Tue, 23 Jun 2015 05:48:44 -0400
Message-ID: <CAHbuEH5VC4Uxdvg+oQjwLLbnLnUcXx3uH4rZNZhNwXPsEXHgPA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="f46d0442806eca90b705192c4b70"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/fsYp9wL0s1E7pv3mXGqXzIxk5wc>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: content filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2015 09:48:48 -0000

On Tue, Jun 23, 2015 at 5:20 AM, Yoav Nir <ynir.ietf@gmail.com> wrote:

>
> > On Jun 23, 2015, at 11:59 AM, Kathleen Moriarty <
> kathleen.moriarty.ietf@gmail.com> wrote:
> >
> > Thanks for the discussion on this, it's helpful to get this right for
> documentation purposes.  I'd split out MiTM activities of this sort for
> enterprises vs. the same done at the service provider level because of
> employee agreements.  I also choose not to go to many sites from behind a
> firewall and hope others do too when signaled that there is a certificate
> mismatch.
>
> I’m not sure if that distinction is meaningful. The technology for
> interception is the same whether it is used to scan downloaded files for
> malware or to scan Facebook posts for insufficient appreciation of our Dear
> Leader.
>

Sure, I'm aware the same technique is sometimes used for both scenarios,
but not always.  It's easy for a company with an agreement to set up a
proxy that has 2 TLS sessions, one between the user and proxy and the other
from the proxy to the destination site.  Other techniques have been used
(see UTA's TLS attack RFC - 7457) at the service provider level, including
stopping the STARTTLS negotiation.

Some have used techniques that are less visible to the user.  As problems
are fixed in the protocol, what is done shifts of course.



> Employees in a corporate environment are supposedly informed, but
> corporate computers and devices may come pre-installed with the
> interception certificate. Even as a conscientious vendor, there is no way I
> can enforce that corporate IT properly informs the employees.
>

I'm sure this varies between regions.  I just think enterprises can be more
deliberate about it with user agreements and not worry about error
messages.  Sure, the sam thing can be done in a pre-installed way, but a
user can check the certs if they know enough.


>
> Similarly, we’ve seen interception used at service providers at the behest
> of governments. In some countries devices come pre-installed with the
> government interception certificate. This makes it transparent to the
> citizens. Again, it would be nice if citizens at least knew this was
> happening, but those governments tend to not be “nice”.  At least ISPs
> don’t have the power to manipulate the endpoints (though in the early days
> of broadband they would ask you to install a “dialer” - if I were a more
> suspicious person…), but they do when they work for the government.
>

Yes and that's scary.  I think the distinction is acceptability of the
approach in environments like work, since your time is paid for.
Documenting this in two stages would be good as approaches to resolve may
be different.  The TLS 1.3 work to use pre-shared keys negotiated via DNS
should certainly help on this angle.  Enterprises may choose to block
access to some sites, where other options might be used by governments or
others trying to MiTM traffic.


>
> Ideally a solution would reveal the presence of a MITM to both client and
> server.


That would be good.

> All solutions discussed thus far can reveal things to the client, but do
> nothing for the server. I would like to have servers such as financial
> institutions and medical services be able to enforce a policy where they
> don’t provide a service through a middlebox. Doing it now requires
> installing their own client on the user’s machine, which seems to be a
> trend in mobile, but is not something we should require.
>
> Yoav


Thanks,
Katheen



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email