Re: [TLS] chairs - please shutdown wiretapping discussion...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 11 July 2017 21:21 UTC

To: Yoav Nir <ynir.ietf@gmail.com>, Christian Huitema <huitema@huitema.net>
Cc: Ted Lemon <mellon@fugue.com>, tls@ietf.org
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com> <fa6e64a2-b1c8-9c55-799b-b687b830a246@huitema.net> <26848de4-ce08-8ebd-bd67-ed3af3417166@cs.tcd.ie> <CD0E0745-EA72-41D9-87F6-B40369ED6A70@fugue.com> <bcda4dab-3590-9162-5f5c-c453f7a610ac@cs.tcd.ie> <2500C1F7-480E-44C9-BDB0-7307EB3AF6C2@fugue.com> <d9870cd0-476c-b255-16bd-594e24cd91f0@cs.tcd.ie> <eadd52ec-3f72-7483-864b-8a5251d94bfc@huitema.net> <ACB8BAC5-3560-43EF-B1FB-98F16B5B72B5@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <104f5108-751a-c8f5-45dc-bf5d7be26f35@cs.tcd.ie>
Date: Tue, 11 Jul 2017 22:21:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <ACB8BAC5-3560-43EF-B1FB-98F16B5B72B5@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="D4unTnFaxvxDR1C0AIO0CNGb5hfOJkuHG"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1Yjnc8IqcLBQ1RrIkmghxAJCoso>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...


On 11/07/17 22:10, Yoav Nir wrote:
> If one of the parties to a conversation cooperates with the wiretap,
> this isn’t an attack.
Lemme try on this one again from a different angle.

In classic telephony wiretaps the carrier does the
tap. There are similar situations with TLS...

In hosted platforms (e.g. wordpress.com and many
others) where the senders and receivers (or publishers
& readers) have read and write access via PHP code
and not via a shell, and cannot therefore control web
or TLS configuration, the platform would be doing a
wiretap if it turned this on, whilst colluding with
or being coerced by some other entity that collects
and later decrypts the ciphertext and packets.

Are we agreed that that use-case is wiretapping via
this mechanism?

There are many millions of people who use such
constrained hosted environments.

Cheers,
S.