Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 13 July 2017 15:09 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24F8512741D for <tls@ietfa.amsl.com>; Thu, 13 Jul 2017 08:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BmECLx08Ax80 for <tls@ietfa.amsl.com>; Thu, 13 Jul 2017 08:09:02 -0700 (PDT)
Received: from mail-pf0-x229.google.com (mail-pf0-x229.google.com [IPv6:2607:f8b0:400e:c00::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7685812ECB0 for <tls@ietf.org>; Thu, 13 Jul 2017 08:09:02 -0700 (PDT)
Received: by mail-pf0-x229.google.com with SMTP id c73so30896378pfk.2 for <tls@ietf.org>; Thu, 13 Jul 2017 08:09:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=J5qsgwhy8/OctqKRV9xyiO7255aN5HHgNLCqvKv+Abg=; b=rkfstBhtobcNMxexi99emj8hp7WTkKAl5IsFIFCwwyeIXunNtJ9ECnbRAYuiPozUWT AfqHRkhfwYjOTV6Jg8I5tfRjinZSKYd9HGYYEmIX9oA15e6+C13Gip7TdkmrKlCdB3Th hpksHPJdXInw66DR4jKHVfrsDC59unNrvJKhZkEibBH75ucMVGDWOIMGWUrACplM9AqW DfAmELeEpRQfaG5ETZKGIVj95zUT1atS+Sf8JEm5zdtgGsDOSaMYctwQZUhIkEb7/jA+ 5O+tbje971lBaixVWyxAZS2Ow095anUV8tkdxngUkZNDidfckwoCl/fjKBbUlO72qNJk Yc+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=J5qsgwhy8/OctqKRV9xyiO7255aN5HHgNLCqvKv+Abg=; b=G1aeJxysUbQknT1pALprGRJne3PC9Rv2jUhYXAwav2/Gjtspb/Kx+0In8OOgnKEc0+ osmBB9OOweNGKayQU561TeOIvd17VaFmA/svTjl6BOAhjHG8RPg01V5svwga/ogbWzIG HCKyGIcjLB6+iy4O5adf9xcMkTGSoThyDnXcmmbGbYN/LiB4twQG14F70GyIQAf/AifK Ezb4rO/0bCufquEBQhFRwIBzMnWCe6YIiQ3sV3U79yXUSMUSCiRhuSQxosQd8yB/BHCr kPmz1Pxh1+Q4sHclMzTOI4IvEvx5w8vdUZPjWAEEwHAPPI1YO32VqeSZBCoaOdsPO3cd opGw==
X-Gm-Message-State: AIVw112bVFb2cHKi8CiQEKBpzIaWJaSqVRMlBY0L5bkJk2opOy1Dq4W1 VLGHzrsiQaX4dkPJJnQvjA68ktImdg==
X-Received: by 10.98.7.204 with SMTP id 73mr92684pfh.110.1499958541937; Thu, 13 Jul 2017 08:09:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.180.193 with HTTP; Thu, 13 Jul 2017 08:08:21 -0700 (PDT)
In-Reply-To: <CABkgnnU5XTYPoTS8if7H+TknH3JtitRYbL3OnZRyF5UDcEd43w@mail.gmail.com>
References: <D7648213-261E-4A26-BD6A-A5CB7F036D2C@gmail.com> <e0f078a7-5ef7-7cd2-8e88-dceea13638e7@cs.tcd.ie> <2F25802B-195C-47A9-8270-5EF487A1F925@gmail.com> <CABkgnnU5XTYPoTS8if7H+TknH3JtitRYbL3OnZRyF5UDcEd43w@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 13 Jul 2017 11:08:21 -0400
Message-ID: <CAHbuEH5501c+T+FSpGiU8iysNU=vG=kEfGDEgrR5onJ8wJT89w@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Steve Fenter <steven.fenter58@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4KDJLMJCWsgDJm6xlPz53ZIJEpc>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 15:09:04 -0000

Hi Steve,

Thanks for taking the time to detail out your concerns and current use
cases.  This is helpful.

On Tue, Jul 11, 2017 at 9:39 PM, Martin Thomson
<martin.thomson@gmail.com>; wrote:
> On 12 July 2017 at 09:59, Steve Fenter <steven.fenter58@gmail.com>; wrote:
>>> And if you had one an estimate for how much malware does it's own
>>> obfuscation or home-grown crypto in addition or instead of using TLS.
>>> The reason to ask is that as soon as malware does that then you
>>> are back to analysis based on ciphertext only. From descriptions
>>> of advanced attack schemes, they do seem to do both when calling
>>> home or exfiltrating data. In which case I think your argument
>>> falls.
>>
>> I don't have any numbers for home-grown crypto.  I would think the odds are better for the enterprise if they can decrypt and inspect whatever portion is TLS.
>
> Wouldn't malware avoid connecting to servers that offer the wrong
> credentials?  Implementing elementary key pinning or overriding trust
> anchors is pretty trivial - it's a feature that enterprises frequently
> rely on after all.

It sounds like for malware, we could do something to better document
your security options as well as monitoring.  While the documentation
is there for key pinning and trust anchors, this might not be obvious
to network managers - what RFC to look at and how they fit together.

The points Stephen, Ted, Martin have made are good.  A TLS overview
document with an appendix of use cases might be a good start to help
fill this gap for operators.  Even if it isn't published, we could
figure out wiki space or something like wikipedia to make sure it's
available to operators. If the start of this documentation looks like
it will generate new work developing alternate ways to accomplish the
goals while maintaining the integrity of TLS, a new WG could even be
an option.

For malware, the proposed solution (Matt Green draft) isn't a great
fit as the server side won't be managed within your enterprise to
allow for the decryption described in the proposal.

For the other parts of your original message that were snipped from
this thread, I have a few questions/comments to see how we might be
able to narrow the scope and clarify a few things.

For the Troubleshooting description, could redefining the end point of
the server work as terminating at a load balancer to help with at
least some of your use cases?

For the threat detection and security analytics, I know a number of
current products rely on the ability to TLS.  The primary concern here
would be the remote server not managed by the enterprise.  TLS 1.3
prevents this from being possible and the proposed draft doesn't help,
so I think it would be best to figure out a way forward for this use
case either with the help of MILE (incident responders) or others.
Currently products use proprietary methods to accomplish this task (at
least some do).  For DDoS, the experts say they can work with
fingerprints of encrypted streams, so it's other attack types that may
require some thinking through of options.  I'm happy to chat about
that as I've done a lot of work in incident response and know of
others that may be able to assist as well.

I'm still reading through messages and drafts on this topic, so this
message should not be read as a position on either side, but more to
narrow the scope if possible and think through what is being requested
and why - so it is clarified.

Thanks.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 

Best regards,
Kathleen