[TLS] draft-camwinget-tls-use-cases-05 fix/remove §2.2.1

Nick Lamb <njl@tlrmx.org> Wed, 24 July 2019 21:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9Gy7ib1nXhB-3sKVBjalPFazDBA>

Hi,

My impression from watching Tuesday's session is that this probably
can't end up as a Working Group document, but nevertheless people
seem to keep looking at it and so it's worth fixing errors.

Eric Rescorla touched on this I think briefly, but I want to be more
forthright:

Section 2.2.1 of the draft-camwinget-tls-use-cases-05 document says:

   In TLS 1.2, the ClientHello, ServerHello and Certificate messages are
   all sent in clear-text, however in TLS 1.3, the Certificate message
   is encrypted thereby hiding the server identity from any
   intermediary.

But the contents of Certificate are merely public data; an adversary
can arrange for a server under their control to present any
certificate of their choosing, thereby in fact hiding the server
identity from any intermediary under prior versions of TLS too.


If this document is to continue in any form, even as an individual
submission, it should be updated to either erase 2.2.1 altogether and
any "use cases" that rely on it, or make clear that this technique
couldn't actually work in TLS anyway and is mentioned only because
some products erroneously rely on it.

Nick.