IETF Logo Mail Archive

Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

<home_pw@msn.com> Fri, 26 January 2007 18:31 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HAVr4-00024t-19; Fri, 26 Jan 2007 13:31:18 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HAVr2-00024Z-1l for tls@ietf.org; Fri, 26 Jan 2007 13:31:16 -0500
Received: from bay0-omc1-s3.bay0.hotmail.com ([65.54.246.75]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HAVqz-0008Vo-AQ for tls@ietf.org; Fri, 26 Jan 2007 13:31:16 -0500
Received: from hotmail.com ([65.55.131.23]) by bay0-omc1-s3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 26 Jan 2007 10:31:12 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 26 Jan 2007 10:31:12 -0800
Message-ID: <BAY126-DAV13022F18D3D11A47D3994292A20@phx.gbl>
Received: from 75.212.179.47 by BAY126-DAV13.phx.gbl with DAV; Fri, 26 Jan 2007 18:31:07 +0000
X-Originating-IP: [75.212.179.47]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Date: Fri, 26 Jan 2007 10:31:07 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 26 Jan 2007 18:31:12.0288 (UTC) FILETIME=[27CB8A00:01C74178]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

I don't see any choice. TLS Evidence has to become a work 
item. This is not to say I support the particular technical 
approach: but the initiative is appropriate, addressing with 
technical means both data retention (corporate wiretapping 
obligations) and the way in which regulated ESIGN sites are 
applying https and SSL in practice.

----- Original Message -----
From: <home_pw@msn.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: "Omirjan Batyrbaev" <batyr@sympatico.ca>; <tls@ietf.org>
Sent: Thursday, January 11, 2007 12:49 PM
Subject: Re: [TLS] Please discuss: 
draft-housley-evidence-extns-00<

>> In any event, your analysis and conclusions are wrong.


I've been following up the claim. Specifically, the claim 
that its all wrong (the implication being its peter 
bullshit...) And the facts are more interesting that I first 
thought - mostly because of some new features of IE7 (and 
vista).

I've (re)found two https sites that require custom 
https-plugins or custom https browsers. Each have 
(ESIGN-citing) site policies that assert that the 
plugin/custom-app is the "secure signing device" required by 
ESIGN. One uses a MSN Money plugin to web-browser (or the 
MSN Money application), and the other example used a 
scripted quicktime plugin. Both, plugins interacted with 
(regulated) financial sites, where specific policies were 
disclosed concerning "writings".

Of course, the whole thrust of ESIGN was to define that 
records (such as electronic signature (including the digital 
variety)) can constitute "writings" - despite the 17th 
Century laws being phrased in old-fashioned media terms 
(paper, pens, handwriting, etc). The (legal) nature of any 
writing, ESIGN variants included, continues to demand that 
they must be reduced to tangible form; that requirement does 
not go away, for electronic records/signatures.

In the case of SSL-based signatures, from custom https 
plugins (with their assured trust models and CAs etc), that 
form has to be the server-side audit trail itself - the 
packets, the TCP fragments, the SSL ciphertext, its 
cleartext handshakes, or the http data within. TLS Evidence 
is on the right track, as are other means of exploiting the 
SSL handshake to preserve (and optionally secure) the 
"recordation" act.

One of the cuter features of the modern IE7 browser, and 
vista OS, concerns its support for handling the trusted 
path. One notes from sites that exploit Microsoft own 
CardSpace (federation) layer 5/6/7 identity technology that 
certain critical security operations can now CONTROL the UI: 
presumably to ensure the trust path policy control is in 
effect.

On non-vista reference monitors, IE7 also provides a lower 
assurance version of the same path property. It allows 
HTML/javascript to control the webpage UI, specially. Here, 
something that looks like a "Popup" can be visualized by the 
browser engine instance, whose own rendering backgrounds the 
main page post its page-level rendering. This 
"backgrounding" prevents one from interacting with the 
details material (in any normal sense). Upon clicking the 
http(s) button link in the only party of the page that is 
not-backgrounded, end-user control is resumed - allowing one 
to interact with the page. This all represent a nice "secure 
signing device" in its own right, contrasting with earlier 
generations of plugin-based soft-signing devices. Whether 
the control release the UI based on the response from the 
server or not (e.g. a signed xml msg, or a new https 
sessionid value with a receipt-mac within), is a matter for 
further investigation.

Of course, "secure signing" device is a legal convention, 
not a technical security claim; it is that which merely 
satisfies the legal definitions in ESIGN. It embodies what 
lawyers require when addressing the obligation to ascertain 
the intent of the parties and their consumer consent, when 
using electronic signatures in important transactions 
requiring "writing protocols".

I don't see any choice. TLS Evidence has to become a work 
item. This is not to say I support the particular technical 
approach: but the initiative is appropriate, addressing with 
technical means both data retention (corporate wiretapping 
obligations) and the way in which regulated ESIGN sites are 
applying https and SSL in practice. 


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email