Re: [TLS] datacenter TLS decryption as a three-party protocol

Colm MacCárthaigh <colm@allcosts.net> Thu, 20 July 2017 16:44 UTC

From: Colm MacCárthaigh <colm@allcosts.net>
Date: Thu, 20 Jul 2017 09:43:57 -0700
Message-ID: <CAAF6GDcX-Oxeb5iTeL_jWEtNEdWFQb9+SqSkspmTKVf5WZSwrg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Andrei Popov <Andrei.Popov@microsoft.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7NF98iFYSfSEzkAoDuj9CZzYkOo>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol

On Thu, Jul 20, 2017 at 12:44 AM, Salz, Rich <rsalz@akamai.com> wrote:

> It’s like saying “all browsers that support TLS support wiretapping
> because of the static RSA key exchange.”
>
> It’s a little disingenuous

It sure is! And hyperbolic, but that's the term that people keep applying,
so it's clarifying to use it consistently whenever we talk about this.

While I'm at it, I can't make sense of:

"Using the RSA key to decrypt traffic to your server is wire-tapping."
"Using the RSA key to impersonate and MITM your server isn't wire-tapping."

We'll still support the latter, which is much worse than the former :( I
can't see how offering something /between/ the two, more secure than the
latter, isn't a net improvement on where we'll be with TLS1.3.

-- 
Colm