Re: [TLS] TLS interception technologies that can be used with TLS 1.3

"Salz, Rich" <rsalz@akamai.com> Thu, 15 March 2018 22:42 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36539127419 for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 15:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sd7yo9OAohRj for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 15:42:27 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5AE41241FC for <tls@ietf.org>; Thu, 15 Mar 2018 15:42:26 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.22/8.16.0.22) with SMTP id w2FMg3Po012188; Thu, 15 Mar 2018 22:42:24 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=ngm0+9zvTYL9gGr2uNiFyoBrE9/RFkuqHS7cjX0I3Bc=; b=dn975VEGH8pu3O4xEW9yMc2oLuaSwBoocyhDnp0hiW/P36z4cA8Lw6LzhgZN2vIuY0yV 1aPceK1Qz4ephku7XEKoYH1l5U6FRNi/YgFAtcIpDTTbYT4bu6qDVS/A3ywnj46KHkYa JjS414tXhmosxfYp6dxvBPNEqqvuIkx475KYu2g0A7BfsAWKdSQ72XNVG3I+3xdxD21U K0oTohwVEOc24oYuBZH+jwfL5Dk7PM67l0OrVuRYZgRblm/7GdmCK3hR7f5pbwfgQJt0 HHL8C5YPnPdbWC1Xh1zHSINbdv4TjcGs2ludlyGPkQ6CBBUpceqJZCliTNhAMHKLlAO/ +Q==
Received: from prod-mail-ppoint4 ([96.6.114.87]) by m0050096.ppops.net-00190b01. with ESMTP id 2gqjee2hm3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 15 Mar 2018 22:42:24 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w2FMesnw024644; Thu, 15 Mar 2018 18:42:23 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint4.akamai.com with ESMTP id 2gmbk1fbtq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 15 Mar 2018 18:42:23 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 15 Mar 2018 18:42:22 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Thu, 15 Mar 2018 18:42:22 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Yoav Nir <ynir.ietf@gmail.com>, Richard Barnes <rlb@ipv.sx>
CC: Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS interception technologies that can be used with TLS 1.3
Thread-Index: AQHTu/LleKIGS5pg0EG93eNA8cP5nqPQ/bqAgABxswCAAGzPAP//zRMAgAB4QwCAAAciAP//vSkA
Date: Thu, 15 Mar 2018 22:42:22 +0000
Message-ID: <619FD02D-8F30-4261-BFE9-22CCFD145BE7@akamai.com>
References: <CACsn0cmNuuG4dhkouNzb=RDfYwG25VaKN7cGhm21wfLk-NmS5A@mail.gmail.com> <9B30F837-8F6A-4AF0-A3BD-69F9AFED5D7B@gmail.com> <2832089.SA8sAEVfAM@pintsize.usersys.redhat.com> <6BC4335A-D2E9-41FC-9F72-04B06594883B@gmail.com> <5CFD360D-818E-41A0-A140-59C283DC6CB0@akamai.com> <CAL02cgQQ7vve5+ndj1tUNgO+eH8cro2Mhhwj-bfBK=BnxECfRw@mail.gmail.com> <A2B23437-63DE-42B0-A29E-3A0635BCA85E@gmail.com>
In-Reply-To: <A2B23437-63DE-42B0-A29E-3A0635BCA85E@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.b.0.180311
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.41.26]
Content-Type: multipart/alternative; boundary="_000_619FD02D8F304261BFE922CCFD145BE7akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-15_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803150248
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-15_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803150248
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/08IHLUxXuH7Jh0FXIIQcYNmG7lY>
Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2018 22:42:29 -0000

I think if we ship the keys over some kind of secure socket layer we should be okay, right?


From: Yoav Nir <ynir.ietf@gmail.com>;
Date: Thursday, March 15, 2018 at 6:41 PM
To: Richard Barnes <rlb@ipv.sx>;
Cc: Rich Salz <rsalz@akamai.com>;, Hubert Kario <hkario@redhat.com>;, "tls@ietf.org"; <tls@ietf.org>;
Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3

IIUC not quite. There is an API, so the application that uses the library can get the keys. The application can then save it to a file, send it to a central repository, send it to the government, or whatever else it might want to do.

There is no built-in setting where OpenSSL writes the keys to a file, nor do applications such as web servers do this AFAIK.

It should not be difficult to write, but is not provided in off-the-shelf software.

Making the library send this in-band in some protocol extension is a far bigger endeavor. It’s also a dangerous switch to leave lying around.


On 16 Mar 2018, at 0:16, Richard Barnes <rlb@ipv.sx<mailto:rlb@ipv.sx>> wrote:

Just to confirm that I understand the scope of the discussion here:

- TLS libraries have facilities to export keys from the library
- Obviously, it's possible to ship these exported keys elsewhere (`tail -f $SSLKEYLOGFILE | nc $LOGBOX`)

So all we're really talking about is whether to define a way to do the shipment of the exported keys in-band to the TLS session.


On Thu, Mar 15, 2018 at 3:05 PM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote:
This is what OpenSSL provides:
    https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_keylog_callback.html


_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls