Re: [TLS] draft-rescorla-tls13-new-flows-01 - Thoughts post-meeting

Michael StJohns <msj@nthpermutation.com> Tue, 18 March 2014 03:34 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 700D51A036C for <tls@ietfa.amsl.com>; Mon, 17 Mar 2014 20:34:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5y1rLHzoRtpx for <tls@ietfa.amsl.com>; Mon, 17 Mar 2014 20:34:00 -0700 (PDT)
Received: from mail-qc0-f175.google.com (mail-qc0-f175.google.com [209.85.216.175]) by ietfa.amsl.com (Postfix) with ESMTP id 9DBB11A035B for <tls@ietf.org>; Mon, 17 Mar 2014 20:34:00 -0700 (PDT)
Received: by mail-qc0-f175.google.com with SMTP id e16so6993268qcx.6 for <tls@ietf.org>; Mon, 17 Mar 2014 20:33:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=2GXKTxhYvwyh17Oi9/Rf47rUOaqNpGchGx6YMys0Ges=; b=XYyxd+QMAsuhjq5+wLpCtLnS3f7rnoSEM8GRnqWSBEVdsNS6CfAiLTgxd+9MZTMWyI mC/Z4+ym1DCLjJfpTWE/r7kVFRcBBS4WHWIpZ8i9yUWSC8sMHDm/8660NYheAUNYmH5P hV+wwuH2XwYZ06d4TY93DUJ4OPvfFkw/9sPo4e4CV/uDfPJQy7KLrZDfEswf1BJJclpC dKO4F6v3mJGLOt+65f2W751x5zAx5nDBJ4VBJuN9wqleyMTk1fJvQzSQ3lLkcDN9Oge1 4vx35K2WDb3f+M2Hso+6LFHJlq6gG21bqkKjpBxBfpJz8kWHNsQWRsO86RKENYZnBvaR Qqlw==
X-Gm-Message-State: ALoCoQmOPQ4xZ8xJpSz5b3zOLvFYcyxUCFq9K/TSCKYkR8MHwCfQdG1wd5P5MPw4rbqJx//x9Tom
X-Received: by 10.224.161.140 with SMTP id r12mr32714253qax.24.1395113632122; Mon, 17 Mar 2014 20:33:52 -0700 (PDT)
Received: from [192.168.1.105] (c-68-34-113-195.hsd1.md.comcast.net. [68.34.113.195]) by mx.google.com with ESMTPSA id 73sm24200762qgg.22.2014.03.17.20.33.51 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 17 Mar 2014 20:33:51 -0700 (PDT)
Message-ID: <5327BEA0.3050000@nthpermutation.com>
Date: Mon, 17 Mar 2014 23:33:52 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <5325DDA0.9030006@nthpermutation.com> <CACsn0cmLJJGw5cKmbnUT9tftEd0tn4cJQcf1WN7VQQc1GeO-aA@mail.gmail.com> <53260C51.10407@nthpermutation.com> <CACsn0cnKFQdiq8kx3w4SViN20-9UTxA_1riq-A5XJyaqLUQuFA@mail.gmail.com> <53271007.8050902@nthpermutation.com> <CABcZeBNPqrt4garvk=UmgMgEtQQS4ENY2Vk+OyCmMYCJsW4Fxw@mail.gmail.com>
In-Reply-To: <CABcZeBNPqrt4garvk=UmgMgEtQQS4ENY2Vk+OyCmMYCJsW4Fxw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------090109050607060400070805"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/17B32Zd_hjQ8rfD06sA2QRAq6kE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-rescorla-tls13-new-flows-01 - Thoughts post-meeting
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 03:34:03 -0000

On 3/17/2014 11:33 AM, Eric Rescorla wrote:
>
>
>
> On Mon, Mar 17, 2014 at 8:08 AM, Michael StJohns 
> <msj@nthpermutation.com <mailto:msj@nthpermutation.com>> wrote:
>
>     And unfortunately, I don't think EKRs proposal does it either.
>
>     There are a few things you need to do symmetric encryption - a
>     mutual key and an agreed upon cipher suite.  EKR proposes
>     retaining the keys and suite from a previous connection and using
>     them to encrypt the negotiation for the next connection.  To do
>     this, both client and server cache the previous keys.   If you
>     have no previous connection, or you or the server have timed out
>     the cached keys, EKR has you fall back to doing an unencrypted
>     negotiation followed by an encrypted negotiation.  Unfortunately,
>     as I understand how this works, the SNI needs to be in the first
>     negotiation so that the director can steer the packets to the
>     appropriate server.
>
>
> Just for clarity, this is not quite what I was proposing. Rather, I was
> proposing that if the cached keys expired, you did an anonymous
> DH exchange, so you get protection for the target server against
> passive attack but not active attack. I agree that you can mount
> an active attack as suggested below, though it cannot be done
> totally transparently.

Right - what I said - you do an unencrypted negotiation by offering an 
ANON suite or suites (probably the latter to prevent DH from becoming 
indispensible) in a clear text ClientHello.  You then re-use the key 
from that negotiation to encrypt the re-negotiation handshake exchanges.

>
>
>     This gets worse when the virtual server director isn't actually on
>     the same server as the actual server, as the director will need
>     copies of the keys in the same timely fashion as the servers.  And
>     that makes the director a big juicy target.  (Seriously a single
>     box with all the session keys for 1000s of sessions with 100s of
>     servers? Let me at it)
>
>
> Note that this situation is a fairly standard configuration for SSL 
> acceleration
> devices in any case. What's different here is primarily that the load 
> balancer
> is not generally required to be trusted.

Yup.

>
>
>      The threat could be partly mitigated by deriving a separate set
>     of keys for "next session encryption negotiation", but that would
>     change the current key expansion stages a bit.  And still begs the
>     question of how keys get from the virtual server to the director
>     so this can be done.
>
>     Another approach might be for the client (only) to retain the
>     public key of the specific destination server, or a special use
>     public key handed to the client by the server as part of another
>     negotiation (and which related private key is shared with the
>     director - said key being very long lived).  Use that to encrypt
>     the SNI (either RSA encryption, or something like ECIES for
>     elliptic curve).   And even use that as the encryption over the
>     negotiation.
>
>
> Without digging too much into the details just yet, it seems to me
> that the key element if you want to have protection against active
> attack is that the client must be able to directly verify that a given
> key is owned by the server in a way that cannot be substituted by
> the attacker. The challenge, of course, is that the information
> that the server uses to authenticate that key inherently reveals
> the server's identity. I see two basic options [0]:
three?

>
> - Have the client acquire the server's key over some untrusted channel
> and accept that it can be monitored the first time.
>
> - Have the server provide a large set of keys (like all the ones that
> it supports) to the client and then the client can choose one.
Do this as a public key operation instead of a symmetric key op, and 
have the server provide a public key specific to the "encrypt the 
handshake" protection during one of the prior connections.  That gets 
cached by the client.

I mention this for completeness.  It has the benefit of not requiring 
the server to cache anything, but the potential downside of a DOS attack 
based on the cost to derive a key.  But that's no worse than an ANON 
negotiation I think.  If you cache the client public key and/or the 
derived shared secret you mostly eliminate that issue (but loses you 
some of the benefit of the approach).

>
> Note that in either case, this represents a commitment by the server to
> use that key through it's expiry window. i.e., it's hard state rather
> than soft state, which people have been so far reluctant to do with
> HPKP. Both of these have obvious drawbacks, so it's a
> compromise.
>
> -Ekr
>
> [0] I'm assuming we restrict ourselves entirely to the TLS channel.
> If we are willing to have data in, for instance, the DNS, there are other
> options for disseminating the initial key data.
>