Re: [TLS] RFC4492bis - Removing ECDH

Michael Clark <michael@metaparadigm.com> Sun, 11 January 2015 02:17 UTC

Return-Path: <michael@metaparadigm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8BC91A0A85 for <tls@ietfa.amsl.com>; Sat, 10 Jan 2015 18:17:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.378
X-Spam-Level:
X-Spam-Status: No, score=-0.378 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_I_LETTER=-2, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_22=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qsM8JWZvw2Yt for <tls@ietfa.amsl.com>; Sat, 10 Jan 2015 18:17:22 -0800 (PST)
Received: from klaatu.metaparadigm.com (klaatu.metaparadigm.com [67.207.128.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00AF31A0373 for <tls@ietf.org>; Sat, 10 Jan 2015 18:17:21 -0800 (PST)
Received: from monty.local (unknown.maxonline.com.sg [58.182.90.50] (may be forged)) (authenticated bits=0) by klaatu.metaparadigm.com (8.14.4/8.14.4/Debian-4) with ESMTP id t0B2cphX011751 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <tls@ietf.org>; Sun, 11 Jan 2015 02:38:55 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=metaparadigm.com; s=klaatu; t=1420943937; bh=EOSUQ9z5anmad0m1oLO1cLo2X2P8C/rPQ/IA5/gotCg=; h=Date:From:To:Subject:References:In-Reply-To:From; b=RHQecGkuXmJICIEpjeQUDRluayG1rdKMaSOM/Tlt0ejp5b645ixq6T5A86dQ7n73D cux5LNHy25RcYWgHdVvq7Sg2iqE83qX+XziUbkFxeUSIGfMLey3oyRcGQHwgJ/cSgP 9tXJOeiP9Yiib90wryLKWywRVWOTNJ7RihZmkY/w=
Message-ID: <54B1DD25.8090305@metaparadigm.com>
Date: Sun, 11 Jan 2015 10:17:09 +0800
From: Michael Clark <michael@metaparadigm.com>
Organization: Metaparadigm Pte Ltd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
References: <274716D0-EC91-4131-A8F7-CD13A9B42CE7@gmail.com> <CA5F50E8-9FEE-481D-85B5-9DEAB333F4A8@gmail.com> <54ADE9B6.4080700@metaparadigm.com> <702F318A-FE04-45F7-8CA1-30256D628CF7@gmail.com>
In-Reply-To: <702F318A-FE04-45F7-8CA1-30256D628CF7@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.98.4 at klaatu.metaparadigm.com
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-xTELEkfG6bfdNzDIStgedz25XY>
Subject: Re: [TLS] RFC4492bis - Removing ECDH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jan 2015 02:17:26 -0000

tl;dr

> #4 is a TLS proxy. And it does get noticed, because you don’t trust Gogo’s CA, so it’s not so great as an attack. I do wonder why they would apply it to Youtube of all services. Filter out video clips with crashing planes?

I've come to the conclusion that the GoGo full proxy case is impossible
to do anything about but is highly visible to the user. It's like being
on an Island in the Sky without much Internet, a big cache and a high
latency satellite link. It reminds me of New Zealand Internet in the mid
90s when I worked at an ISP with sat and copper submarine cables. The
router guys did policy routes to send latency sensitive stuff over cable
(SYN,SYNACK,ACK) and bulk transfer to latency insensitive stuff over
satellite (NNTP). Similar mechanism to the grey box (see below).

| |
 O -< full proxy
| |

If GoGo were smarter, they would put a trusty looking logo on their WiFi
captive portal signin pop-up e.g. a gold crown with a red seal and
ribbon; like those on a Reader's Digest prize letter; asking users to
install and trust their certificate for "Enhanced in-flight security".
Put an advertisement for Fidelity A-ssurance and a picture of Benjamin
next to it, and then you can just generate certificates "on the fly"
after snarfing out all of the ASN.1 fields from the remote end. They
could even do EV and point to their own OCSP. Any address they like (NAT
and anycast). Conclusion: Bank in Hawaii, but fly there to make withdrawals.

However I believe that GoGo is kind of a cover story to show off crude
tampering to mask much more subtle tampering.

In fact there is no way around someone who is friends with a CA as they
can implement a full proxy, especially if they have insertion points at
all major POPs, deep packet inspection and selective policy routes to
send you off to their grey boxes. Public-Key-Pins will only work if you
initiate your first connection on a network you know is trusted. i.e. at
the office. When you know the Tier 1 (backbone) in your own country is
part of the five eyes then all bets are off. Vodafone fessed up and made
a public statement about the 5 countries and they *don't approve*
http://www.bbc.com/news/business-27732743

If *they* can compel Vodafone then they can compel a CA or 'Chorus' our
own Fibre backbone provider to do whatever they want. Who knows what
they are doing? Everyone. The law is "search warrant" and "probable
cause". Wholesale wiretapping is illegal in almost all democracies. OK,
it's a "representative" democracy. I'm a-political. Who cares what crowd
gets in. Mil is going to be there either way. Military or Militant.
What's the diff? One drives a fiat apparently.

| |
¦ ¦<- pass-through tampering.
| |

There is a more subtle pass through case where handshake messages can be
tampered with (without access to a CA, just an Internet coffee bucks
WiFi tap). Allows attacks such as editing cipher lists and any other
associated handshake metadata (curve format extensions, switching on
compression) that are not properly authenticated. Until I am certain
they are completely mitigated I remain skeptical.

I am still thinking about pass-through tamper mitigation using random
constant as AD and MAC for all pre-kex handshake messages and having the
server returning the client MAC it saw from the client signed with its
RSA or ECDSA key (and notify that all were equal including its original
ServerHello MAC signed in the Finished message (given ChangeCipherSpec
is proposed to be removed). Both can do this when they have a shared
chain of trust and the client offers a certificate.

Until I've finished my proxy, its just reasoning from auditing the spec.
I am curruently unsure how MITM handshake tampering in the rouge WiFi or
ISP active tapping case is mitigated. I've read SCSV but it confuses me
a little. If it's in the clear and unauthenticate it can be tampered
with. Any slightly milicious WiFi provider can do NAT and transparent
proxy, introduce delays, drop handshake messages and rewrite cipher
lists and extensions for anything not authenticated.

Just wiresharking again... I can't see why I can't try to emulate
WindowsXP ClientHello in a pass through proxy, by dropping, delaying or
rewriting messages I don't like (including fallback).

Windows XP IE 8 offers a 1.0 CLientHello often gets given
TLS_WITH_RSA_RC4_128_SHA. Firefox has a 1.2 ClientHello and it gets
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 but TLS_WITH_RSA_RC4_128_SHA is
offered in its ClientHello and it can talk TLS1.0.

MiFi could fool a client into thinking all servers are TLS1.0 (for
servers that still support TLS1.0)? and downgrade them to
TLS_WITH_RSA_RC4_128_SHA and rewrite/filter their responses. Still we
can't easily crack RC4. We'd need a huge black building in the dessert
with acres of GPUs or a cave under a mountain, protected by ninjas.

It seems the other direction is minimizing negotiation and removing
extensions. Make SNI mandatory field. No compression. No renegotiation.
It's all wise stuff. Label all cryptographic primitives with 'notional
labels' in the spec so everything is pre-negotiated. Sign the chosen
label with random salt. Return all offered and negotiated parameters
signed after the kex (small negotiation or an HMAC known to the other
end). Make TLSv1.3 require all of the existing primitives such as  curve
point formats, and make everything based on a tiny label.

enum ssf { ssf56, ssf112, ssf168, ssf224, ssf336, ssf448, mssf56,
mssf112, mssf168, mssf224, mssf336, mssf448 };

enum kex { kex_dh_anon, kex_psk_rsa, key_ffdhe_rsa, kex_ecdhe_rsa,
kex_psk_eddsa, kex_ecdhe_eddsa };

enum orphan { srp }; /* protocol layer auth? */

Still, even when the negotiation is small, if *all* parameters offered
in the Hellos are not returned signed (or by using a AD anti-tamper MAC
of the negotiation parameters), then we can still be downgraded to ssf56
if we were to offer it in the range we are willing to accept.

We want to know if we offer a range from ssf112 to ssf448 that ssf448 is
an option and we are not going to be downgraded to ssf112. All
negotiation parameters need to be signed no matter what the chosen kex
is, and in the symmetric case (psk or client and server certs), then
both ends can detect tampering (except in the crude case with RSA and
compromised CAs). It makes downgrading hard instead of trivial.

That said, SCSV helps mitigate without an overhaul of the handshake and
I can understand why it is there. This is not despite SCSV, as
fundamental changes to TLS negotiation and authentication are much more
intrusive changes; and even with a solid spec there are chances of
implementation bugs. We are humans.

P.S. I'm not on any sec list; as if I was I would have a duty to keep
quiet. I'm just auditing the spec based on public discourse and am not
under any non-disclosure agreements expressed or implied. Just a candid
third eye.


=====================================================================
TL;DR Free Idea - semi-off-topic - symmetry likely already considered
=====================================================================

It seems to me pinning and so forth are just papering around lack of
tamper-resistance in TLS handshakes and CA transparency and the price of
random bits. It's harder to change TLS but if you make changes to
servers and clients that have common issues then browsers can mitigate
using a common mechanism. Pinning. We all have a common interest. Public
audit records for CA make huge sense. The cert is offered by the server
so the CA should let you look in an audit trail of fingerprints. But
re-issue doesn't imply revocation (unless it's handled like a domain
transfer). Hard problem.

A TLS derivative (essentially policy) could add (or remove) symmetry and
make CertificateShare (either chained or self-signed) a requirement for
clients (browsers, or whatever). This would allow the servers to see if
clients were being impersonated if they stored client certs (or simply
fingerprints, like sessions, in a paxos/flashcached), on behalf of the
user, to allow service providers to give their users protection against
impersonation (most good people don't want their identity stolen), and
at the TLS level (essentially making them device certificates) using
pre-existing functionality. At the moment we have n-methods of
impersonation protection (all on behalf of users) for n-service
providers. HTTPS/SMTP(TLS) everywhere would let service providers
leverage RSA or EdDSA for protection of their users against identity
theft. We clearly need (tamper-resistant) TLS everywhere. In support of
AGL, Google, Firefox and everyone else working on TLS and Internet
security in general. I'm just adding to the fire. Soon we will need some
SMTP providers to start blocking based on certificate verification. Of
course an anonymous client cert with a random common name could only be
used for "confidence" after seeing it behave in a particular way
repeatedly. It seems Asia needs a lot of work:

  http://www.google.com/transparencyreport/saferemail/

Anonymity would then become at the expense of CPU cycles. i.e. Opening
up an incognito window would require cycles to generate a key and
self-signed certificate. Sending anonymous SPAM would require more CPU
cycles and it would have no effect on solicited bulk mail performance as
legitimate mailers aren't trying to get their certificate fingerprints
blacklisted. We could use certs in DNSSEC for SMTP blacklists (as one
example). Back to stamps for mail.

This would allow a server to detect someone trying to impersonate a
client using the same mechanisms the client can use. i.e. signing of the
handshake MAC in both directions when both sides have a cert.

Servers could have an MCU (most commonly used) cache to expire client
certs (or just their fingerprints). i.e. scaling the fingerprint expiry
based on frequency of usage. i.e. Bayesian confidence in the association
between a user and their certificate. Paranoid clients could generate a
new cert for each domain. It takes ~200ms to create a 2048bit RSA key.
This would make unsolicited bulk mail expensive.

Attackers that wanted to make wide attacks would be CPU bound as honest
clients and servers do key generation infrequently. Anyone who wanted to
be trusted would leave fingerprints.

This would make anonymous SPAM (SMTP with MX DVSNI vs self-signed certs)
add almost no extraordinary expense for normal usage but anyone covering
their tracks would have to use lots of CPU.

Browsers might someday start serving up certificates to servers. The
question is whether they prompt the user? prompt for policy choice? or
do so implicitly to protect the identity of their users? That's policy.
Not my area. Just putting ideas out there based on public knowledge from
lots of awesome people (judgement is half perspective).

Michael.