Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 15 July 2017 08:55 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 132131317A9 for <tls@ietfa.amsl.com>; Sat, 15 Jul 2017 01:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LRF6WmqguyvI for <tls@ietfa.amsl.com>; Sat, 15 Jul 2017 01:55:49 -0700 (PDT)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) by ietfa.amsl.com (Postfix) with ESMTP id DA7CF13145A for <tls@ietf.org>; Sat, 15 Jul 2017 01:55:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id 2D93324BF4; Sat, 15 Jul 2017 11:55:47 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id kn9fmVOiemVQ; Sat, 15 Jul 2017 11:55:46 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id ABAEFC4; Sat, 15 Jul 2017 11:55:44 +0300 (EEST)
Date: Sat, 15 Jul 2017 11:55:44 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: IETF TLS <tls@ietf.org>
Message-ID: <20170715085544.y3hozzzpqzrfacd7@LK-Perkele-VII>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAL02cgRJeauV9NQ2OrGK1ocQtg-M2tbWm2+5HUc4-Wc8KC3vxQ@mail.gmail.com> <71E07F32-230F-447C-B85B-9B3B4146D386@vigilsec.com> <39bad3e9-2e17-30f6-48a7-a035d449dce7@cs.tcd.ie> <CAJU8_nXBFkpncFDy4QFnd6hFpC7oOZn-F1-EuBC2vk3Y6QKq3A@mail.gmail.com> <f0554055-cdd3-a78c-8ab1-e84f9b624fda@cs.tcd.ie> <A0BEC2E3-8CF5-433D-BA77-E8474A2C922A@vigilsec.com> <87k23arzac.fsf@fifthhorseman.net> <C4968C13-3229-43C2-B29B-EC9C01D76D06@arbor.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <C4968C13-3229-43C2-B29B-EC9C01D76D06@arbor.net>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BKiY3q6NzrVnEELWIlb20JWDsAk>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jul 2017 08:55:51 -0000

On Sat, Jul 15, 2017 at 07:48:25AM +0000, Dobbins, Roland wrote:
> 
> 
> > On Jul 15, 2017, at 13:26, Daniel Kahn Gillmor <dkg@fifthhorseman.net>; wrote:
> > 
> > (b) we know that network capture is widely used adversarially by the
> >     kinds of attackers that TLS is explicitly intended to defend
> >     against?
> 
> Because we know that network capture is an absolute, unquestionable
> requirement in order to defeat adversaries who are both prevalent
> & who can actually be defeated. 

s/we know/I believe/

You seem to think that more data is better. Except collecting more data
will drive up background. And if you have high background, even common
events will just blend in and be missed completely, or are detected
with very poor efficiency.

Have big enough backgrounds, and one can have estimated over one
million events of certain interesting kind in one year, _while_ taking
data, but not able to be reasonbly sure that even a single event of the
kind occured. And that's while people specifically looking for events
of that kind.

OTOH, with small backgrounds, even very small amount of events will
really stand out. With really small backgrounds, even _one_ event
will stand out.

> There's no talk of 'privileging' anything. The talk is about not
> arbitrarily depriving network administrators & security personnel of
> the tools & techniques they've been using for many years and with
> great success to troubleshoot & defend their networks, applications,
> services, & data. 

You mean using security problems, that are exploited for bad ends too,
in past versions of TLS? E.g. using various problems in session tickets
and RSA key exchange?

Oh, and like any backdoor, this backdoor too has variety of security
problems. And your adversaries would absolutely love to be able to
exploit _you_ using these problems, as that would make their lives much
easier.


-Ilari