Re: [TLS] chairs - please shutdown wiretapping discussion...
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 11 July 2017 19:41 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A73512EC29 for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 12:41:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fx_lVQdSvJeu for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 12:41:00 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DA7112EC0B for <tls@ietf.org>; Tue, 11 Jul 2017 12:41:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1225FBE38; Tue, 11 Jul 2017 20:40:59 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zhd8Wt8VvcdP; Tue, 11 Jul 2017 20:40:57 +0100 (IST)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B6737BE2F; Tue, 11 Jul 2017 20:40:57 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1499802057; bh=gB7Bw7PVDvO29XzO370DVexwSQBv+bUAt2TRHf7zBVE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=HmjtqybD2rviksyasweoIlROVoxSZbpcLqVvYTuLKrIexySYiEPU3tAq6zk6YG+xa 7uMpU7QwyLB4sDrdOeCuJbqhs0zC/4nvAZ6FvIfpgKKOsaXz2bjtcsveZxjmZYM1w1 O/m1mTJUdoa6xUFaOKypOE0JnnLJWo5tI/wi3dfs=
To: Christian Huitema <huitema@huitema.net>, tls@ietf.org
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com> <fa6e64a2-b1c8-9c55-799b-b687b830a246@huitema.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <26848de4-ce08-8ebd-bd67-ed3af3417166@cs.tcd.ie>
Date: Tue, 11 Jul 2017 20:40:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <fa6e64a2-b1c8-9c55-799b-b687b830a246@huitema.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="L77iVtv85SjDtxD4BAFmiOfgnSN2xTbdg"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DJXy0epnEpZZotUCgsGX0f2YC9U>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 19:41:02 -0000
On 11/07/17 20:11, Christian Huitema wrote: > > For various reasons, some implementations may be tempted to use static > (EC) DH private key. Using such keys lowers the security guarantees of > TLS 1.3. Adversaries that get access to the static (EC) DH private key > can now get access to the content of the communication. Adversaries that > acquire the key in real-time can compromise the confidentiality of the > conversation. Adversaries that acquire the key later can use it to > access the content of recorded sessions, thus breaking the forward > secrecy promise of the protocol. TLS 1.3 clients should detect the use > of static (EC)DH keys by corresponding servers, and should treat servers > using such keys as compromised. Clients can perform this detection by > comparing keys proposed by servers at different time, or by cooperating > with other clients to compare the keys proposed to them by servers. I generally like the idea of such text but I'm not at all sure client detection is really feasible in the general case. It'd seem possible for a server to hold a rather long list of re-used static DH values and unlikely for normal clients to detect those. And it also seems like an arms race too, e.g. if a special zmap-like survey was used to detect this kind of bad crypto. Still worth testing for no doubt, (it'd make for a nice academic publication) but I'm not sure detection could be sufficiently probable that we could make the statement above. Speaking of text changes though, if this wiretapping scheme were to be adopted in any sense, there would be a load of tweaks to text in tls1.3 needed as a result - starting with the abstract to -21 for example as we could no longer say that TLS is "designed to prevent eavesdropping" without a highly embarrassing qualifier. (Hence my request to not have this discussion until after DTLS1.3 is done - and chairs if you're reading this please do reconsider.) Sigh, S.
- [TLS] chairs - please shutdown wiretapping discus… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yaron Sheffer
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Paul Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Dan Brown
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Polk, Tim (Fed)
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nikos Mavrogiannopoulos
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Jeffrey Walton
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Michael StJohns
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Bill Frantz
- Re: [TLS] chairs - please shutdown wiretapping di… Timothy Jackson
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Richard Barnes
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ilari Liusvaara
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kathleen Moriarty
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell