Re: [TLS] chairs - please shutdown wiretapping discussion...

Colm MacCárthaigh <colm@allcosts.net> Mon, 10 July 2017 16:42 UTC

Return-Path: <colm@allcosts.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA8381317DA for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 09:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=allcosts-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1V3x_tfe8zK4 for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
Received: from mail-yw0-x22e.google.com (mail-yw0-x22e.google.com [IPv6:2607:f8b0:4002:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA29F1317D7 for <tls@ietf.org>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
Received: by mail-yw0-x22e.google.com with SMTP id v193so38148505ywg.2 for <tls@ietf.org>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=allcosts-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JpCnTP4I++yxKyHC4OSIUNZL+P5qu39DdPapdwhveeM=; b=Xh9dyJ6RLpPeclzPs2Sgas0vbVMmPfGWtjmihiuxT9oZDdlRjffOOX/gcwVq6oxZNH e4iX9e66fyBmoUpN/3oV8NteYpUCnrTS4CQDVCsV64rov/xaquxdu9GzPtBtsJoxupTb 0B7ByQOER2BuKyBk378hN9Jw4JwA2abJOrYJ73sL2yOZYM2uksoKt9XywrJXUbO/G8s5 9XMRLaI295ci7oaeDKhmW8lKkTofjf2G1UXaZeAsA1cYHX//C8Uv5L5M1SsyVW6MYetH 8EwbKlF1s3Y/u/vA8FwgNtGxpH1M7G2Lxs4g5Ry2PkIqTncKohU6+CcAmzq+sCf/vXwX juog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JpCnTP4I++yxKyHC4OSIUNZL+P5qu39DdPapdwhveeM=; b=JVFe/pzlFGRQ91xza9XOQsM/gDYqgdoFG8cSn+uyjsC5dXHOAyFfH0zK2eF5uACUdj 0hV6JZfTCtYBZ/AfwBuJ1ITKjsYWnu4xpHTCC2o6QnMV/RGQ5ARbDljsbNIbbZIo4Y7J JrKs3MpeAbDuGZ5Zr+vGmM1OFuHI4JUfG2jnBzeVrjo7m4YZOMzhSztizeK6I+qE758J b3/WtwyC0L+qyfEAu1MgW/djaTMuWqdJ/tItLa5PbzzfJiYBB4wt61QxDtqMdT7G3IVV L3X2inxlICKSh7C63CgzObarbaXTrTrfD1ZJWGBjb726phjmG09VtAODVLN5mtodl0mZ 12Kg==
X-Gm-Message-State: AIVw112Jc9Ltu94CNe/rqRhnnU9JpeUa9uw1gprXYjd44OA514bJ1C44 y7gYACpbrn1UhHKQjSmhRd1J4PDWyQ2c
X-Received: by 10.129.189.17 with SMTP id b17mr1570339ywi.182.1499704934948; Mon, 10 Jul 2017 09:42:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.27.4 with HTTP; Mon, 10 Jul 2017 09:42:14 -0700 (PDT)
In-Reply-To: <1499699684.2933.20.camel@redhat.com>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <1499699684.2933.20.camel@redhat.com>
From: Colm MacCárthaigh <colm@allcosts.net>
Date: Mon, 10 Jul 2017 09:42:14 -0700
Message-ID: <CAAF6GDe1RBgPbh1y-sVdPkN5FWV6NFuYxOgZJEEvZr+0O4vcWg@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: "Polk, Tim (Fed)" <william.polk@nist.gov>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e08250514eacb1a0553f943cf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7PyoPrHFh5F2RPazCZ9lWpQ7JZQ>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 16:42:17 -0000

On Mon, Jul 10, 2017 at 8:14 AM, Nikos Mavrogiannopoulos <nmav@redhat.com>
wrote:

> Certainly, but that doesn't need to happen on this working group, nor
> protocols which implement similar solutions need to be called TLS.
>

I'll belabor this point: rather than thinking about what these providers
are owed, which is nothing, it is better to think about what is best for
TLS overall. Selfishly, I have a strong preference to see TLS1.3 succeed
and that within a matter of years, we no longer have to support TLS1.2 or
earlier versions.

If some networks and operators feel that they can't feasibly use TLS1.3,
they're very likely to stay on the older versions. We could consider
brinkmanship; and see who blinks first if we try to disable the older
versions anyway, but that's a gambit that often makes hostages out of
innocent users, and can end up serving to taint TLS1.3 with reliability
issues and hold back its adoption.

It's clear that there is a strong distaste here for the kind of MITM being
talked about, and many wish not to give it any kind of stamp of approval
within the standard; that that itself would also taint TLS1.3 with security
concerns. Proxies are proposed as a work-around instead, as it avoids any
changes to protocol. But this seems like cutting our noses off to spite our
faces. Proxies tend to be always-on and render plaintext much more
accessible than a tcpdump tap. Proxies are also inline, read-write, and
subject to exploit in a worse way than a tcpdump tap (which can be network
isolated). In real security terms, I absolutely buy that proxies would be
worse for overall security and all of the properties that TLS is supposed
to provide, in some environments. That would seem like a bizarre conclusion.

-- 
Colm