Re: [TLS] datacenter TLS decryption as a three-party protocol

Ted Lemon <mellon@fugue.com> Sun, 23 July 2017 14:33 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <35FD3356-8300-405A-B8D8-FC2574DB9A56@fugue.com>
Date: Sun, 23 Jul 2017 10:33:26 -0400
In-Reply-To: <C0772D29-CB26-418F-981B-BC2E2435E655@ll.mit.edu>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, "<tls@ietf.org>" <tls@ietf.org>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
References: <CAAF6GDeFuRy0DN6w3FwmR_nh1G=YBi4+qiEcw0MfSRj4SUCbZQ@mail.gmail.com> <20170720200114.AA2F91A6CB@ld9781.wdf.sap.corp> <06AE85BC-87AD-4CA5-8408-44F670358701@ll.mit.edu> <20170720203238.e66zurx5yn2jja3a@LK-Perkele-VII> <17109486-336E-44C0-B9FC-D65EE14310B5@ll.mit.edu> <20170723070240.x7kmynzmu4jqco5t@LK-Perkele-VII> <C0772D29-CB26-418F-981B-BC2E2435E655@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6cpYbxlnInoMZo453MxzqOyWqfw>

I did a little bit of rubber-duck debugging on this proposal with Andrea on the way back from Boston this morning. It's actually better for the server to secretly use a static key than to negotiate. Stephen has already explained why: if this is a negotiation, then it's possible for a third party to simply block any negotiation that doesn't allow it. We have no control over evil endpoints, and it's silly to pretend otherwise. Pretending otherwise makes us less secure, not more secure.
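The message above argues that a server which wants its traffic decryptable can simply reuse a static (EC)DH key without any negotiation. The check a client operator or network defender would want, then, is whether a given server's key_share value actually changes from handshake to handshake. The script below is an added example, not code from this thread or from any IETF project: it takes a list of observed (server name, server key_share public value) pairs, which here are constructed sample values rather than captured traffic, and reports any server whose share repeats, since a repeated share means the "ephemeral" exchange is not providing forward secrecy for those sessions. The threshold parameter and the function names are this example's own assumptions.

```python
"""Flag (EC)DHE key_share reuse across TLS handshakes to the same server.

Added illustration; the handshake records below are constructed, not real
observations. In a real deployment the pairs would come from a TLS client
hook or a passive capture that extracts the server's key_share entry.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# (server_name, hex-encoded server key_share public value). Constructed data:
# "static.example" sends the same share every time, "fresh.example" rotates.
SAMPLE_HANDSHAKES: List[Tuple[str, str]] = [
    ("fresh.example", "04aa01"),
    ("fresh.example", "04aa02"),
    ("fresh.example", "04aa03"),
    ("static.example", "04bb01"),
    ("static.example", "04bb01"),
    ("static.example", "04bb01"),
    ("mixed.example", "04cc01"),
    ("mixed.example", "04cc02"),
    ("mixed.example", "04cc01"),
]


def find_key_share_reuse(
    handshakes: Iterable[Tuple[str, str]], threshold: int = 2
) -> Dict[str, Dict[str, int]]:
    """Return {server: {share: count}} for every share seen >= threshold times.

    A genuinely ephemeral server never repeats a share, so any entry in the
    result is a server whose key exchange is at least partly static.
    """
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for server, share in handshakes:
        counts[server][share.lower()] += 1
    reused: Dict[str, Dict[str, int]] = {}
    for server, shares in counts.items():
        hits = {s: n for s, n in shares.items() if n >= threshold}
        if hits:
            reused[server] = hits
    return reused


def forward_secrecy_verdict(handshakes: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Classify each server as 'ephemeral' or 'static-share' from observations."""
    records = list(handshakes)
    servers = {server for server, _ in records}
    reused = find_key_share_reuse(records)
    return {
        server: ("static-share" if server in reused else "ephemeral")
        for server in sorted(servers)
    }


if __name__ == "__main__":
    for server, verdict in forward_secrecy_verdict(SAMPLE_HANDSHAKES).items():
        print(f"{server}: {verdict}")
```

Two handshakes with the same share are enough to raise the flag; the default threshold of 2 therefore catches even a server that rotates keys but slowly, which is the case a defender most wants surfaced before deciding whether that server's traffic should be treated as recoverable by anyone holding the static private key.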