RE: [TLS] Please discuss: draft-housley-evidence-extns-00
"Mark Brown" <mark@redphonesecurity.com> Wed, 20 December 2006 22:29 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9vu-0004xC-6T; Wed, 20 Dec 2006 17:29:06 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gx9vt-0004wx-5n for tls@ietf.org; Wed, 20 Dec 2006 17:29:05 -0500
Received: from cenn.mc.mpls.visi.com ([208.42.156.9]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gx9vr-0003Ls-Tm for tls@ietf.org; Wed, 20 Dec 2006 17:29:05 -0500
Received: from rpud1 (v-209-98-144-171.mn.visi.com [209.98.144.171]) by cenn.mc.mpls.visi.com (Postfix) with ESMTP id 38F9881FE; Wed, 20 Dec 2006 16:29:01 -0600 (CST)
From: Mark Brown <mark@redphonesecurity.com>
To: martin.rex@sap.com, tls@ietf.org
Subject: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Date: Wed, 20 Dec 2006 16:30:26 -0600
Message-ID: <00d101c72486$72b4fd30$6801a8c0@rps.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <200612201846.TAA20793@uw1048.wdf.sap.corp>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Thread-Index: AcckZzYG9LKA/0cYQA+vriqhAaoNAQACJpvA
X-Spam-Score: 1.1 (+)
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Martin, I see some misunderstandings: 1) Application data is fully opaque to TLS Evidence. This is a fundamental principle we both agree on. a) Application data is so opaque to TLS Evidence that it could just as well be encrypted when hashed by TLS Evidence, and the resulting digital signatures would serve users as I've proposed. Although the digital signatures would work fine, most users would want to know what the cleartext app data was too, so draft -01 currently hashes cleartext app data. a) TLS Evidence doesn't know or care if the application data contains a button clicked event, be it recorded as "OK", or "0" or "0xff3456ab" or "button 0x200". It never looks inside at app data, it just hashes & signs. c) Making sense of the app data, handshake messages and digital signatures is a forensic task, not something TLS Evidence implementations worry about. This forensic work will be done some time after the transaction occurred, not inside the crypto protocol as the transaction occurs. I hope to make forensics easier simply by laying out a clear record of what bits actually got sent by whom. TLS Evidence has no idea "what it all means" but designers can configure TLS Evidence systems so that the record is reasonably clear (they likely won't get it perfect, and that's a limit that TLS Evidence accepts). The kind of design work I propose for users of TLS Evidence is analogous to writing intelligent debugging trace outputs -- the intelligence here is to make the record clear so if the software unexpectedly goes belly up, you can put together a good guess as to what happened. I believe that people will benefit from having the option/ability to "turn trace on" for their important transactions. Both parties MUST agree first, as the ID makes clear at a number of points. But that's what I think TLS Evidence should do, a lot like setting up Ethereal for a TLS session and creating two digital signatures over the tracefile. Sure, I hold the opinion that people can employ TLS Authorizations so the tracefile is more useful -- might even help show intent. But TLS Evidence doesn't propose any magic/legal tricks. 2) TLS Evidence is incompatible with the "Click-through" aspect of click-wrap licenses, but it's not incompatible with existing laws. TLS Evidence requires client authentication, which doesn't just mean some PKC but a PKC that the server knows (i.e. can authenticate). You have to install the right PKC first. You can't just use any PKC you have on hand and expect to get in to some server that's demanding client authentication. Even if it did, and your TLS client accidentally authenticated to the server(?!?), you will still need to configure "turn trace on" and choose acceptable crypto before evidence happens. TLS Evidence gives you two out-of-band ways to confirm "Are you sure? Are you really sure?" This is the opposite of a casual in-band click wrap. I hope that puts us on the same page. --mark _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Please discuss: draft-housley-evidence-extn… Eric Rescorla
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Ari Medvinsky
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Peter Williams
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Kyle Hamilton
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… Kyle Hamilton
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Omirjan Batyrbaev
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Kemp, David P.
- RE: [TLS] Please discuss: draft-housley-evidence-… Russ Housley
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Kemp, David P.
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Russ Housley
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Omirjan Batyrbaev
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… Omirjan Batyrbaev
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Steven M. Bellovin
- Re: [TLS] Please discuss: draft-housley-evidence-… Peter Gutmann
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Kemp, David P.
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Omirjan Batyrbaev
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… Steven M. Bellovin
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Peter Gutmann
- Re: [TLS] Please discuss: draft-housley-evidence-… Omirjan Batyrbaev
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- RE: [TLS] Please discuss: draft-housley-evidence-… Kemp, David P.
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Steven M. Bellovin
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-… home_pw
- Re: [TLS] Please discuss: draft-housley-evidence-… Mike
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- RE: [TLS] Please discuss: draft-housley-evidence-… Stefan Santesson
- RE: [TLS] Please discuss: draft-housley-evidence-… Mark Brown
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex
- Re: [TLS] Please discuss: draft-housley-evidence-… Eric Rescorla
- Re: [TLS] Please discuss: draft-housley-evidence-… Martin Rex