Re: [therightkey] Basically, it's about keeping the CAs honest
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 16 February 2012 18:17 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C70221E803F for <therightkey@ietfa.amsl.com>; Thu, 16 Feb 2012 10:17:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTT6Y5HRD5d6 for <therightkey@ietfa.amsl.com>; Thu, 16 Feb 2012 10:17:06 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id A2EEF21E803C for <therightkey@ietf.org>; Thu, 16 Feb 2012 10:17:06 -0800 (PST)
Received: from [192.168.13.75] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 77B9FF970; Thu, 16 Feb 2012 13:17:02 -0500 (EST)
Message-ID: <4F3D481E.40001@fifthhorseman.net>
Date: Thu, 16 Feb 2012 13:17:02 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20120125 Icedove/9.0.1
MIME-Version: 1.0
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <gym9r33x3m8ydl4xwbjezwJv4X.penango@mail.gmail.com> <201202160524.q1G5ON2p003570@fs4113.wdf.sap.corp> <CA+cU71n1HeQ3nK_FjM67dO8U7=HmDBG3q0_4cvH9CY6Y0_=9BQ@mail.gmail.com> <CAMm+LwiQdXo6bmYmtyR7aw1S=A889edFdSU5aAJVgN4ZMwNrFw@mail.gmail.com>
In-Reply-To: <CAMm+LwiQdXo6bmYmtyR7aw1S=A889edFdSU5aAJVgN4ZMwNrFw@mail.gmail.com>
X-Enigmail-Version: 1.3.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: therightkey@ietf.org, Tom Ritter <tom@ritter.vg>
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 18:17:07 -0000
On 02/16/2012 11:18 AM, Phillip Hallam-Baker wrote: > All that I have seen proposed in this regard is to have a draft that states: > > 1) This is a really bad idea in general > 2) If you really have to do it then do it this way > 2a) It is turned off by default > 2b) It only permits the authorized MITM to intercept > 2c) The user is repeatedly warned that MITM is taking place > 2d) There is no way that any credentials or infrastructure created for > authorized intercept can be used to support unauthorized intercept eh? it seems you're proposing a new mechanism, when Tom just pointed out that the existing mechanism (endpoint-controlled trust policy) already works for nearly every case. (the exceptions being client-side certs, and the hassle for IT staff of having to configure trust stores on each client) > I would rather have a defined path for this than to see another > iteration where the primary goal is to minimize the effort required > for the IT staff deploying the system. IT staff already have a simple way to do this: embed a MITM-enabling root authority (or comparable mechanism) in the client's trust policy. Who exactly is trying to "minimize the effort required for the IT staff" to deploy a MITM? I can't believe that on a list titled "the right key" the majority of the debate seems to be around whether we want a spec that enables transparent MITMing or a spec that enables user-visible MITMing. Which part of "the right key" does any sort of MITM fit into? The main argument seems to be "people need to do this for legal reasons" -- well, ok, let's have someone with a legal requirement for eavesdropping/monitoring step forward and propose an external, session-key-sharing mechanism that is *separate* from TLS. Then IT staff can deploy such a system on the clients they're required to monitor. If someone has a legal requirement to not only snoop but to alter traffic in flight beyond just terminating a session (i find this implausible, but what do i know), this can also be proposed as a separate mechanism, outside of TLS, or as a TLS extension. I don't see how it's appropriate for this list, though. Can we get back to discussing how to get the actual "right key" for the network peer? --dkg
- [therightkey] Basically, it's about keeping the C… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… David Conrad
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Benjamin Kreuter
- Re: [therightkey] Basically, it's about keeping t… Yoav Nir
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Chris Palmer
- Re: [therightkey] Basically, it's about keeping t… Martin Millnert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Nico Williams
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Stephen Farrell
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Carl Wallace
- Re: [therightkey] Basically, it's about keeping t… Kyle Hamilton
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Martin Rex
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker
- Re: [therightkey] Basically, it's about keeping t… Tom Ritter
- Re: [therightkey] Basically, it's about keeping t… Daniel Kahn Gillmor
- Re: [therightkey] Basically, it's about keeping t… Paul Lambert
- Re: [therightkey] Basically, it's about keeping t… Phillip Hallam-Baker