Re: [TLS] TLS Proxy Server Extension

"Kemp, David P." <DPKemp@missi.ncsc.mil> Wed, 03 August 2011 20:55 UTC

Return-Path: <DPKemp@missi.ncsc.mil>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5E7111E808C for <tls@ietfa.amsl.com>; Wed, 3 Aug 2011 13:55:48 -0700 (PDT)
X-Quarantine-ID: <EB-lz4qiZUDu>
X-Amavis-Modified: Mail body modified (defanged) by ietfa.amsl.com
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BANNED, message contains part: multipart/mixed | application/ms-tnef, .tnef, winmail.dat
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EB-lz4qiZUDu for <tls@ietfa.amsl.com>; Wed, 3 Aug 2011 13:55:48 -0700 (PDT)
Content-Type: multipart/mixed; boundary="----------=_1312404948-28110-1"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by ietfa.amsl.com (Postfix) with ESMTP id 08C1E11E807C for <tls@ietf.org>; Wed, 3 Aug 2011 13:55:47 -0700 (PDT)
Received: from AUGUSTINE.missi.ncsc.mil (augustine.missi.ncsc.mil [144.51.60.33]) by stingray.missi.ncsc.mil with ESMTP id p73KtwGj097211; Wed, 3 Aug 2011 16:55:58 -0400 (EDT)
Received: from DABECK.missi.ncsc.mil ([144.51.60.15]) by AUGUSTINE.missi.ncsc.mil with Microsoft SMTPSVC(6.0.3790.4675); Wed, 3 Aug 2011 16:56:07 -0400
Date: Wed, 3 Aug 2011 16:55:57 -0400
Message-ID: <C1A47F1540DF3246A8D30C853C05D0DA03DE24AC@DABECK.missi.ncsc.mil>
In-Reply-To: <2A88269D-38AF-4695-8DD0-0543C2391423@cisco.com>
References: <201108011615.p71GFGMT019612@fs4113.wdf.sap.corp> <2A88269D-38AF-4695-8DD0-0543C2391423@cisco.com>
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: "David McGrew" <mcgrew@cisco.com>, <mrex@sap.com>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS Proxy Server Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 20:55:48 -0000

WARNING: contains banned part
--- Begin Message ---


From: David McGrew
> On Aug 1, 2011, at 9:15 AM, Martin Rex wrote:
>>  If the proxy terminates the clients
>> TLS connection and establishes a new connection to the real server,
>> then it will have to impersonate the real server to the client
>
> No, that's not right, at least not if "impersonate" is meant in the  
> cryptographic sense.   If "impersonate" is meant in the sense that a  
> proxy can modify the traffic passing through it, then yes, that is a  
> goal for the system; it is a requirement if TLS is to be used to  
> protect communications when an HTTP proxy is present (for many types  
> of proxies).

A TLS connection between S and C provides integrity protection (which by
definition is impossible without authentication): C knows that data it
receives is identical to that sent by S.

How do you propose to define roles that extend integrity properties to a
three-party protocol?  C must know that data it receives from S is sent
by S, with no insertions or deletions.  And that data it receives from P
was sent by P with no insertions or deletions.  "Modifying" traffic is
fundamentally incompatible with data integrity - the concept is
meaningless.  There must be either two independent unmodifiable data
streams between C and S and between C and P, or there must be a single
stream between C and P, where C trusts P to be the data provider without
knowing or caring where P got the data in the first place.  That is what
is meant by impersonation.

In an application protocol it would be appropriate to tag sections of
data that have different properties and originated from different
sources - think chat room, or a portion-marked word document.  TLS
claims to protect an application-independent data stream - I have no
idea how you define semantics of a 3-party "session" without becoming
application-specific.

Dave
--- End Message ---