IETF Logo Mail Archive

Re: [therightkey] Basically, it's about keeping the CAs honest

"Kyle Hamilton" <aerowolf@gmail.com> Tue, 14 February 2012 01:44 UTC

Return-Path: <aerowolf@gmail.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD08C21E8043 for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 17:44:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.588
X-Spam-Level:
X-Spam-Status: No, score=-1.588 tagged_above=-999 required=5 tests=[AWL=0.258, BAYES_00=-2.599, MIME_BASE64_TEXT=1.753, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id esvdQYfFj+vq for <therightkey@ietfa.amsl.com>; Mon, 13 Feb 2012 17:44:29 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id D499121E8037 for <therightkey@ietf.org>; Mon, 13 Feb 2012 17:44:28 -0800 (PST)
Received: by iagf6 with SMTP id f6so6080913iag.31 for <therightkey@ietf.org>; Mon, 13 Feb 2012 17:44:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:to:cc:date:message-id:subject:in-reply-to:references :mime-version:content-type; bh=XA/16KzuVQXRxYLw7irpQ58b9H2gY4HmSAei7vbrErk=; b=SGvAZ0zTBx9V+KPq+Z/s97Sg1iiCUUi7xrun7GHuQ9DYzty6L5HTKiAGHHiQWmFv+M joFqDBgdlJMUDhhCEpuYNV9BXDGfFYCb3+W2qn63b1rLiWMrAxUpt37qPFT128y+g+6D pQbPhY7ukR3SLmIqoIZGledkIv2Tz/IMku0/U=
Received: by 10.42.168.197 with SMTP id x5mr25378288icy.6.1329183868517; Mon, 13 Feb 2012 17:44:28 -0800 (PST)
Received: from penango (c-67-188-178-93.hsd1.ca.comcast.net. [67.188.178.93]) by mx.google.com with ESMTPS id ng9sm23567784igc.3.2012.02.13.17.44.25 (version=SSLv3 cipher=OTHER); Mon, 13 Feb 2012 17:44:26 -0800 (PST)
From: Kyle Hamilton <aerowolf@gmail.com>
To: Adam Back <adam@cypherspace.org>
Date: Mon, 13 Feb 2012 17:44:21 -0800
Message-ID: <gym9r33x3m8ydl4xwbjezwJv4X.penango@mail.gmail.com>
In-Reply-To: <CAK3OfOhx_xbx1TrJL==BjmqVM8zZKDa8u4rQ7wCpKom4ZZODOg@mail.gmail.com>
References: <CAK3OfOhx_xbx1TrJL==BjmqVM8zZKDa8u4rQ7wCpKom4ZZODOg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="gmsm1.9.5eqgym9r34zabjgptik512"
Cc: Nico Williams <nico@cryptonector.com>, therightkey@ietf.org, mrex@sap.com
Subject: Re: [therightkey] Basically, it's about keeping the CAs honest
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2012 01:44:29 -0000

If I were the voice of the user, I'd be arguing for the right to impose and enforce my own personal security policy, without interference from anyone else's attempts to shovel pay-to-play policies down my throat.  I'd be arguing for the ability to make a choice without having my software libel, slander, or otherwise denigrate the systems that I'm working with.

If I were the voice of the user, I'd be arguing for simplifying the process of getting cryptography to work, without a pay-to-play model.

If I were the voice of the user, I'd be arguing against providing false assurances which aren't backed up by the model.

My examples:  Securities and Exchange Commission-regulated trading networks, which do have to support TLS because it's the major means of being able to provide strong authentication over a VPN.  Insurance companies (a specific one that I'm certain of) who must audit to ensure that regulated financial information is not being illegally distributed outside the network.  Educational institutions (a specific one that I'm certain of) who use it to ensure that protected student information isn't illegally distributed.  And on and on and on.

If I were the voice of the user, I'd be arguing against trying to impose what I can and can't do with my own hardware and software.  I'd be arguing against things which reduce the willingness of systems to communicate -- the decision of whether to accept what's communicated is mine alone.  I have an exclusive right to determine what happens here.  No standards body has a right to tell me what I can't do.  No consortium of people, other than the elected legislative bodies, has any right to do that.

We MUST permit every use of our protocols.  We MUST describe the computational processes and we MUST define the intended semantics, but we MUST NOT try to sabotage anything that the standards' implementors or consumers try to do.  If we do, we're overstepping the bounds of what authority we can legitimately claim as standards designers.

-Kyle H

On Mon, Feb 13, 2012 at 3:22 PM, Adam Back <adam@cypherspace.org> wrote:
> If you are the voice of the user, you'd be arguing for freedom from mitm by
> robust protocol design.
>
> Its news to me that there are networks that mandate decryption of any higher
> level comms protocols going over TCP/IP on the network.
>
> Closest you get to that kind of thing is voice telecoms where the crypto is
> hop-by-hop and most likely broken by design ciphers etc but there is no SSL
> mitm of 3g/4g gsm-data etc at least in western countries, nor even
> advertised/admitted anywhere else.
>
> Did you have some other example in mind?
>
> Adam
>
>
> On Mon, Feb 13, 2012 at 03:08:59PM -0800, Kyle Hamilton wrote:
>>
>>
>>
>> On Mon, Feb 13, 2012 at 8:36 AM, Martin Rex <mrex@sap.com> wrote:
>>>
>>> The fact that there are products (client-side HTTPS proxies that
>>> perform MITM and inspect content) actively sold and used,
>>> which are vitally dependent on being able to exploit weaknesses
>>> of the existing TLS X.509 PKI security&trust model, is a sure proof
>>> that something is wrong with the existing security model.
>>
>>
>> I completely agree.  The existing security model does not take into
>> account the fact that owners of networks get to impose their own security
>> policies, and aims to do everything it can to prevent useful deployment of
>> interoperable low-security routine key-continuity verification that isn't
>> "pay to play".
>>
>>> I do not think there is value in maintaining backward compatible
>>> weaknesses, and personally, I do not mind the slightest about breaking
>>> those protocol subverting middle boxes, be it by the use of TLS channel
>>> bindings, or the checking of DANE TLSA records.
>>
>>
>> There are environments in which the data sent off of the network MUST NOT
>> be unknown to the network owner/operator.  This is not by any protocol
>> standards body action, but rather by law or regulation.  It's just like the
>> original order from DARPA Command, that TCP/IP would be used on ARPAnet --
>> once it comes down, it's too late to argue.  I think law rather trumps our
>> desire to deprive everyone of the capacity to perform MITM.
>>
>> We can continue to outlaw it, in which case it will continue to exist
>> outside of our sight.  We can continue to do the things we've tried to do
>> before, to break what currently exists and to try to prevent technological
>> subversion in an arms race.  That will only ensure that other standards
>> bodies will step up to fill the void of workable standards for
>> authentication, and ensure that companies will still do anything they can to
>> make a buck and find ways to subvert our in-loco-parentis "you can't do
>> that, it's for your own good" security model.  It's time for us to get over
>> ourselves.
>>
>> There might be a useful compromise: the built-in/vendor-supplied roots
>> show a blue or a green address bar, and non-vendor-supplied roots show a
>> yellow address bar.  Eventually, this might lead to the partitioning of
>> "vendor-supplied state identity service provider" from "these CAs are known
>> to issue to businesses which must ensure complete knowledge of all incoming
>> and outgoing data, but nevertheless provide a useful service to the browser
>> user", with the latter provided by the vendor but also being shown in yellow
>> within the application.
>>
>> Or, you know, any certificate that's issued to * or *.tld could just as
>> easily be displayed in yellow.  Nobody considers that it's ultimately the
>> application developers who decide whether to allow and how to present
>> anything we come up with.
>>
>> I think the existing mandate that everything be authenticated and tunneled
>> end-to-end only hurts the IETF.  We need to develop systems within models
>> that actually work.  I am here as the voice of the user and of the network
>> administrator, the one who needs to be able to trust his hardware and
>> software to do precisely what he expects them to, the one who needs to
>> actually use the services we specify.
>>
>> -Kyle H
>
>
>
>
>> _______________________________________________
>> therightkey mailing list
>> therightkey@ietf.org
>> https://www.ietf.org/mailman/listinfo/therightkey
>
>

v2.23.0 | Report a Bug | By Email