Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)
Carl Mehner <c@cem.me> Mon, 17 July 2017 13:40 UTC
From: Carl Mehner <c@cem.me>
Date: Mon, 17 Jul 2017 08:40:16 -0500
Message-ID: <CAEa9xj5eR6b_+CsSDArMWWr-u8hx5B81kDVEMEX8sgfUeMUS8g@mail.gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: Russ Housley <housley@vigilsec.com>, IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9_mwbf7lQifmq1fTk4i4_tmQ-lk>

On Mon, Jul 17, 2017 at 8:35 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:
>> On Jul 17, 2017, at 15:15, Carl Mehner <c@cem.me> wrote:
>> beginning to encrypt traffic inside the TLS tunnel.
>
> Yes, some (but by no means all) are - which means that in such cases, the
> ability to look inside the TLS tunnel so as to be able to detect the
> presence of an additional level of encryption as a possible indicator of
> compromise is extremely important.

Are you worried about malware encrypting traffic between nodes in an
intranet communicating with servers on that intranet you control which
would use this draft? That seems very unlikely. Why would malware use
this draft? Malware would use either its own server, or basic utilities
provided by the system (i.e. WannaCry's use of SMB).