Re: [saag] Ubiquitous Encryption: content filtering
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 23 June 2015 09:48 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C50E1AC40B for <saag@ietfa.amsl.com>; Tue, 23 Jun 2015 02:48:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OyoGEAZmIi8U for <saag@ietfa.amsl.com>; Tue, 23 Jun 2015 02:48:46 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6F31AC405 for <saag@ietf.org>; Tue, 23 Jun 2015 02:48:45 -0700 (PDT)
Received: by wiga1 with SMTP id a1so100854282wig.0 for <saag@ietf.org>; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MIG4iBuxUN6if6MivfXk6jc089pvYjHQ+KZr5uDDAUg=; b=M+yXSYYW0ZkUjYLMhuCnBkVPKlOBb0stcawx5AfZjJ+vcdu05BiTtVXH54tghCMaqS H6OYwfz74KSQocPpx8MQIfFNkdMRoHxpoa5pRMtTQMIiGE8m3iE7jr8vU6I+yZ8VViQ1 Cw2yh6kG3jGMJkL9h+cD1X+B6nRMx0oDXt+LZcznLdYcm1VwB7yuAiVPPEGF09QBqPJL 2QG0nSdkF/j59O5Ft1vmkT3mjyR4d9HxDR1cXQMF1immXhmQuMh3K0PMgeaCoG3SYHso lBHFsrk4HFep+/qKuMBg8EO47CiaYg3v9wxGUonEXGVJzwZ5bZ2UMgEK8DZ/iVyobzP5 9HmQ==
MIME-Version: 1.0
X-Received: by 10.180.86.73 with SMTP id n9mr1789238wiz.78.1435052924373; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
Received: by 10.28.188.134 with HTTP; Tue, 23 Jun 2015 02:48:44 -0700 (PDT)
In-Reply-To: <627A7DEB-9BD0-46FA-A4D8-BB448C2BCB16@gmail.com>
References: <99DC814A-2B7D-4802-A1C7-399E77F37BD7@gsma.com> <CABtrr-U9kLfq4GQbWSgPN=wCD=Cdi0uQ+bQqXj35j+PFtuE8Pg@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F108E070156@VOEXM17W.internal.vodafone.com> <55844743.4030300@cs.tcd.ie> <55886F38.4030906@bbn.com> <20150622211207.GM6117@localhost> <DM2PR0301MB06554ECDB1166C32CF70366CA8A10@DM2PR0301MB0655.namprd03.prod.outlook.com> <CA+cU71ksYZpzg_7jX1xz3aqg-ZVMC-22hCevATrgmHj3h5bVrA@mail.gmail.com> <DE85F7A6-A8F6-48FA-8AAA-EF8ECE17B73E@gsma.com> <CAHbuEH4Rp4DQCRJiED3vKRco8+boLzpZqnp5OZPhhsLuxP7G9g@mail.gmail.com> <627A7DEB-9BD0-46FA-A4D8-BB448C2BCB16@gmail.com>
Date: Tue, 23 Jun 2015 05:48:44 -0400
Message-ID: <CAHbuEH5VC4Uxdvg+oQjwLLbnLnUcXx3uH4rZNZhNwXPsEXHgPA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="f46d0442806eca90b705192c4b70"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/fsYp9wL0s1E7pv3mXGqXzIxk5wc>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: content filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2015 09:48:48 -0000
On Tue, Jun 23, 2015 at 5:20 AM, Yoav Nir <ynir.ietf@gmail.com> wrote: > > > On Jun 23, 2015, at 11:59 AM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > > > > Thanks for the discussion on this, it's helpful to get this right for > documentation purposes. I'd split out MiTM activities of this sort for > enterprises vs. the same done at the service provider level because of > employee agreements. I also choose not to go to many sites from behind a > firewall and hope others do too when signaled that there is a certificate > mismatch. > > I’m not sure if that distinction is meaningful. The technology for > interception is the same whether it is used to scan downloaded files for > malware or to scan Facebook posts for insufficient appreciation of our Dear > Leader. > Sure, I'm aware the same technique is sometimes used for both scenarios, but not always. It's easy for a company with an agreement to set up a proxy that has 2 TLS sessions, one between the user and proxy and the other from the proxy to the destination site. Other techniques have been used (see UTA's TLS attack RFC - 7457) at the service provider level, including stopping the STARTTLS negotiation. Some have used techniques that are less visible to the user. As problems are fixed in the protocol, what is done shifts of course. > Employees in a corporate environment are supposedly informed, but > corporate computers and devices may come pre-installed with the > interception certificate. Even as a conscientious vendor, there is no way I > can enforce that corporate IT properly informs the employees. > I'm sure this varies between regions. I just think enterprises can be more deliberate about it with user agreements and not worry about error messages. Sure, the sam thing can be done in a pre-installed way, but a user can check the certs if they know enough. > > Similarly, we’ve seen interception used at service providers at the behest > of governments. In some countries devices come pre-installed with the > government interception certificate. This makes it transparent to the > citizens. Again, it would be nice if citizens at least knew this was > happening, but those governments tend to not be “nice”. At least ISPs > don’t have the power to manipulate the endpoints (though in the early days > of broadband they would ask you to install a “dialer” - if I were a more > suspicious person…), but they do when they work for the government. > Yes and that's scary. I think the distinction is acceptability of the approach in environments like work, since your time is paid for. Documenting this in two stages would be good as approaches to resolve may be different. The TLS 1.3 work to use pre-shared keys negotiated via DNS should certainly help on this angle. Enterprises may choose to block access to some sites, where other options might be used by governments or others trying to MiTM traffic. > > Ideally a solution would reveal the presence of a MITM to both client and > server. That would be good. > All solutions discussed thus far can reveal things to the client, but do > nothing for the server. I would like to have servers such as financial > institutions and medical services be able to enforce a policy where they > don’t provide a service through a middlebox. Doing it now requires > installing their own client on the user’s machine, which seems to be a > trend in mobile, but is not something we should require. > > Yoav Thanks, Katheen -- Best regards, Kathleen
- [saag] Ubiquitous Encryption: content filtering Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Joseph Lorenzo Hall
- Re: [saag] Ubiquitous Encryption: content filteri… Smith, Kevin, (R&D) Vodafone Group
- Re: [saag] Ubiquitous Encryption: content filteri… Joseph Lorenzo Hall
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Farrell
- Re: [saag] Ubiquitous Encryption: content filteri… Randy Bush
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Kent
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Christian Huitema
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Ted Hardie
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Randy Bush
- Re: [saag] Ubiquitous Encryption: content filteri… Tom Ritter
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: content filteri… Yoav Nir
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Kent
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: content filteri… Tom Ritter
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty