IETF Logo Mail Archive

Re: [TLS] datacenter TLS decryption as a three-party protocol

Benjamin Kaduk <bkaduk@akamai.com> Wed, 19 July 2017 16:59 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25EDB129482 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 09:59:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHNB4dHsVAxy for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 09:59:01 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC8CA128C81 for <tls@ietf.org>; Wed, 19 Jul 2017 09:59:01 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v6JGVvLC017154; Wed, 19 Jul 2017 17:58:55 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type; s=jan2016.eng; bh=j1P9XJIuqY/Ha7ikn31SIc68dg3yrfiD2/reZHUVB+U=; b=i6ROmzBDTo8Z8g1CArAofcM7qXdrGdDoaolP09cZsOMMTFc4y5HYtbf2W9L0ANaXf0vo lwVLFdUiepVfOqzgNtHQVkUNoOXCV/c3R4B5r/KSi5tq7RP/n2w0LlmxBdnw9fUCSueK v7egaksNuWX+bZ9Dl9MW4zqb6bhZXCakjc+Jl+Qs0bCM6wK5jV8QZDIBEyvjzl48vcgp AmdrHQVTkrvD/OLdiRb97nbwWwfhcL/dtpYkcbsoO8v/A3nkFYG+TjrYDXcKO4QKlUmJ xHxbzMIfov00uGLMJ27vJevi2VkEYaDIV6g2tpeopKDNYFrXpeHchF6RFNEQCdmfLDzi sg==
Received: from prod-mail-ppoint1 (a184-51-33-18.deploy.static.akamaitechnologies.com [184.51.33.18] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 2bt1abt9q4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 19 Jul 2017 17:58:54 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v6JGaVUF031919; Wed, 19 Jul 2017 12:58:53 -0400
Received: from prod-mail-relay10.akamai.com ([172.27.118.251]) by prod-mail-ppoint1.akamai.com with ESMTP id 2bqecud0ys-1; Wed, 19 Jul 2017 12:58:53 -0400
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id 523FA1FC71; Wed, 19 Jul 2017 16:58:53 +0000 (GMT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <3f9e5ccf-2d5f-5182-5b76-ae24f8e7ecb5@akamai.com>
Date: Wed, 19 Jul 2017 11:58:52 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="------------78A896BA47A28AB8E9FC40C6"
Content-Language: en-US
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-19_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707190274
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-19_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707190273
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6K6r4VYoVYmVfr_ehg2__SlEEXs>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 16:59:03 -0000

On 07/19/2017 11:49 AM, Stephen Farrell wrote:
>
> On 19/07/17 14:09, Benjamin Kaduk wrote:
>> As Stephen noted in his presentation, a lot of the proposals for passive
>> decryption can be seen as trying to turn TLS from a two-party protocol
>> into a three-party protocol.  Which is probably the right way to think
>> about it, even when all (three) parties are within the same
>> administrative domain.
>>
>> Stephen also said something about it being hard to shoehorn a
>> three-party protocol into the API for a two party protocol.  But
>> depending on the specifics, maybe it's not so bad.  For example, if the
>> only semantics you need are a new API for "this is the list of third
>> parties I authorize to wiretap this connection", the scope seems fairly
>> limited.
> I would question the size of the set of applications for which the
> semantics of such a list/interface could make sense. For example,
> asking a person if they're ok with some random IPv6 address spying
> on a TLS session makes zero sense for example.
>

Sure, some random IPv6 address makes no sense, and is not
cryptographically bound to anything.
On the other hand, "this (semi-)static DH key is one currently used by
my enterprise's network monitoring system, and is allowed to read my
traffic" seems closer to what is being asked for.

As has been said downthread, the recommendation is not "you should
always use this thing", it's "you should do TLS 1.3 without backdoors,
but if you really need to, this is a way to do so with known and limited
properties".

-Ben

-Ben

v2.23.0 | Report a Bug | By Email