Re: [TLS] datacenter TLS decryption as a three-party protocol

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 20 July 2017 06:40 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Colm MacCárthaigh <colm@allcosts.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "<tls@ietf.org>" <tls@ietf.org>
Date: Thu, 20 Jul 2017 06:40:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ar5na2_WZP4S8HoLh0tlhhDBzaE>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi Colm,


  *   Today browsers do turn on wiretapping support in the normal case. There's nothing they can do about it, and it works right now.

This is news to me; which browsers do this (so that I can avoid using them)?

Thanks,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Colm MacCárthaigh
Sent: Thursday, July 20, 2017 1:05 AM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol


On Wed, Jul 19, 2017 at 3:50 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
That is a perfect example of the hideous dangers of all of this.
The implication in the above is that browsers would/should turn
on wiretapping support in the normal case.

Today browsers do turn on wiretapping support in the normal case. There's nothing they can do about it, and it works right now.

If static-DH is permitted, and I don't mean if we release a document describing it, I mean if we don't forbid static DH parameters; this will also continue to be the case. My take: I think we should forbid static DH for this reason.

Next, if proxies are deployed as the mechanism, this will also continue to be the case. Again, nothing a browser can do, and I argue that real-world security is left much much worse for users too.

On the other hand, if we standardize a signaled, opt-in, mechanism; then browsers have more fine-grained options. I suspect that browsers would NOT support this by default, just as they don't accept private CAs by default. Instead the browser would have to be configured per a corporate policy. But they could /also/ choose to disable incognito mode in such circumstances, to be more fair to end-users. It's an example of something that can't be done today at all.

Such a mode is likely fine for the corporate users and what they want, but is not so useful for intelligence agencies and so on, precisely because it's signaled and a bit more transparent. In real world terms, I would regard it much /less/ likely to create the kind of MITM infrastructure that's useful for that case.

--
Colm