Re: [TLS] Industry Concerns about TLS 1.3

Bill Frantz <frantz@pwpconsult.com> Sat, 24 September 2016 01:30 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 822A912BF29 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 18:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.589
X-Spam-Level:
X-Spam-Status: No, score=-2.589 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_L5=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B4ziAmsIKl42 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 18:30:54 -0700 (PDT)
Received: from elasmtp-junco.atl.sa.earthlink.net (elasmtp-junco.atl.sa.earthlink.net [209.86.89.63]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C31A212BF15 for <tls@ietf.org>; Fri, 23 Sep 2016 18:30:54 -0700 (PDT)
Received: from [47.143.125.162] (helo=Williams-MacBook-Pro.local) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1bnbnf-0004QH-BZ; Fri, 23 Sep 2016 21:30:43 -0400
Date: Fri, 23 Sep 2016 18:30:38 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: BITS Security <BITSSecurity@fsroundtable.org>
X-Priority: 3
In-Reply-To: <DM5PR11MB14191AABED7E43F904133787F4C80@DM5PR11MB1419.namprd11.prod.outlook.com>
Message-ID: <r470Ps-10116i-4C64C69C85D443BF91A20D2FDB8F48E9@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4 (470)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec7962191a97eb8fb34bcf82d2ce172cc8b8350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 47.143.125.162
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9lXqTdL8B-JOVQhy9fBT0YcuMBw>
Cc: tls@ietf.org
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Sep 2016 01:30:56 -0000

On 9/23/16 at 2:24 PM, BITSSecurity@fsroundtable.org (BITS 
Security) wrote:

>But general-purpose messaging services (and other collaboration 
>services) which don’t have an explicit man-in-the-middle (and 
>don’t permit server-side access to user plaintext and can’t 
>be observed by other means) can’t be used in supervised 
>environments. This rules out many cloud-hosted services today.

I see a train wreck coming and it looks like this:

The public internet, Google, Cloud services, Facebook, Twitter, 
etc. etc. move in the direction of improving security using 
things like PFS, because the idea of protecting human rights 
advocates in the parts of the world where people are routinely 
tortured sells well to the general public, people like me, and 
others on this list.

On the other hand, some major enterprises continue to depend on 
being able to break the security of their employees to monitor 
their networks in ways that the bad guys can easily use, as 
opposed to installing endpoint or gateway monitoring.

This train wreck results in fewer and fewer public internet 
services being available to users within these enterprises. 
Eventually, employees give up on the corporate network and start 
using their cell phones to communicate with customers, research 
investments etc., completely bypassing the regulatory required monitoring.

This scenario says it doesn't matter whether TLS 1.3 and 
successors allows RSA. If they have any PFS modes, these will be 
the only ones public internet servers will accept. If they are 
turned off in enterprise clients, they will not be able to 
connect without going through a gateway which turns them on.

My conclusion is that enterprises that depend on being able to 
decrypt traffic without involving the endpoints should start 
moving to systems that do involve the endpoints.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 
Englewood Ave
www.pwpconsult.com |  - Ken Widelitz K6LA / VY2TT | Los Gatos, 
CA 95032