Re: [TLS] Rethink TLS 1.3

Jeffrey Walton <noloader@gmail.com> Sun, 23 November 2014 21:40 UTC

Return-Path: <noloader@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FD821A1AAD for <tls@ietfa.amsl.com>; Sun, 23 Nov 2014 13:40:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0GVVyAIl5SEK for <tls@ietfa.amsl.com>; Sun, 23 Nov 2014 13:40:34 -0800 (PST)
Received: from mail-ie0-x229.google.com (mail-ie0-x229.google.com [IPv6:2607:f8b0:4001:c03::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DF6C1A01D8 for <tls@ietf.org>; Sun, 23 Nov 2014 13:40:34 -0800 (PST)
Received: by mail-ie0-f169.google.com with SMTP id y20so7826756ier.14 for <tls@ietf.org>; Sun, 23 Nov 2014 13:40:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=A7AgsaSKGdU/NOr/Dt7wxyKoSPbGE79Jbq+doh8jZU4=; b=V/daHn9S1B8YD/2ekjIW2inuVFCCg5mSxM4Mzs1KMyb9QOkUw1gPtIENSUVKKNNmvq W2sOtpALKAK2KFnRyXfb2/+ni+h1Kf2Pljj2RFefEH+iTiK6FL7F34phxgTyNzAx9GmR b9hkiBXUFGIHw/KZEkyu0MDzpOzrLEJCIueimURX+50P6qUsQKVcgmScKWuURPBZEPg6 7AL2o70XkJd4hYmHlQorgcm+UTAp3kCL5qe99jRk4h/IU43xAxOQT//tOI2Lp+X2sZHX DY+2vB3c1BftdIHeaC8eOq679Pyw4ie+qqOXk2t6185Sbu5rSZJooFdT+vdTmyu/H7jO bGVg==
MIME-Version: 1.0
X-Received: by 10.50.114.199 with SMTP id ji7mr8145166igb.49.1416778833057; Sun, 23 Nov 2014 13:40:33 -0800 (PST)
Received: by 10.107.134.170 with HTTP; Sun, 23 Nov 2014 13:40:32 -0800 (PST)
In-Reply-To: <CA+K9O5QqX1fwLHVguoM4C0n=VAkg5C_ytnBfBTp-ckvCKzFuDA@mail.gmail.com>
References: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com> <5470742A.8020002@streamsec.se> <CACsn0cnKqkHxw0Hudw0OGM1mVxZKJhj04ig2G3KtURtWhYTacw@mail.gmail.com> <CA+K9O5QqX1fwLHVguoM4C0n=VAkg5C_ytnBfBTp-ckvCKzFuDA@mail.gmail.com>
Date: Sun, 23 Nov 2014 16:40:32 -0500
Message-ID: <CAH8yC8myNFg6tkHiA5eAGO8NfXjkUjB6ft9noR3gS_V6m5v3Ww@mail.gmail.com>
From: Jeffrey Walton <noloader@gmail.com>
To: Ralph Holz <ralph.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/85sOOY2ulvorq_QvgnRMdASmq-M
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: noloader@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Nov 2014 21:40:35 -0000

On Sun, Nov 23, 2014 at 8:27 AM, Ralph Holz <ralph.ietf@gmail.com> wrote:
> I'd disagree with the notion of "it is clear what TLS supports" - there is
> no threat model describing the strength of an attacker (and there never has
> been). It's not even clear what TLS means by "authentication".
+1.

The charter could be a bit more clear about the security goals and
objectives. The current charter is more like a TODO or task list. The
task list is good, but the overall goals and objectives would be even
better.

Watson's statement about "interception free connection (sic)" caught
my eye. That's never been a goal (cf.,
http://datatracker.ietf.org/wg/tls/history/).

In fact, the IETF seem to accommodate interception in its standards,
which makes me wonder if its an unwritten agenda. For example, Public
Key Pinning opaquely accommodates interception by allowing attackers
to break pinsets (cf. Section 2.7 of
https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21). And the
ability to surreptitiously break a pinset is not listed in security
considerations.

Interception support is so pervasive at times I'm wondering when the
PKIX WG is going to allocate INTERCEPTION as a certificate Key Usage.