IETF Logo Mail Archive

Re: [TLS] datacenter TLS decryption as a three-party protocol

Roland Zink <roland@zinks.de> Wed, 19 July 2017 21:34 UTC

Return-Path: <roland@zinks.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A509C126E64 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 14:34:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=zinks.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xm3mPykuKXzp for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 14:34:13 -0700 (PDT)
Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5300::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 108CC129AF3 for <tls@ietf.org>; Wed, 19 Jul 2017 14:34:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1500500051; l=2265; s=domk; d=zinks.de; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version: Date:From:References:To:Subject; bh=p4JgP9h11oQ0KJKq/cQl05WdSc/lad6LedYUpduSFS0=; b=EsofS0COE0T6nlQmJ6yM9sfDEBWokQBnASIqUaEa+tSPN734DhoYcSatl4rJ5iTXx9 KIfZsRc26GUQgcxpreI5Y8JxJSBocrqQFoYWpUs9ypMXnQ0wuTkmhftB7ctkfffUagyr xePSmlyFYsDRu3DTLOwTBOwvUCFoK67MBMCVA=
X-RZG-AUTH: :PmMIdE6sW+WWP9q/oR3Lt+I+9KAK33vRJaCwLQNJWWlmkPDB+7nwYIvSX1sH
X-RZG-CLASS-ID: mo00
Received: from [10.10.10.91] (p508A6EE0.dip0.t-ipconnect.de [80.138.110.224]) by smtp.strato.de (RZmta 41.1 DYNA|AUTH) with ESMTPSA id v047b6t6JLYB5zC (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate) for <tls@ietf.org>; Wed, 19 Jul 2017 23:34:11 +0200 (CEST)
To: tls@ietf.org
References: <20170719203204.5B2451A6CB@ld9781.wdf.sap.corp>
From: Roland Zink <roland@zinks.de>
Message-ID: <e265c5b8-3048-1014-3b68-10ec3bc555e6@zinks.de>
Date: Wed, 19 Jul 2017 23:34:12 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170719203204.5B2451A6CB@ld9781.wdf.sap.corp>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DfgiNCYNMp5A9wo5v8dDHYBeRYo>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 21:34:16 -0000


Am 19.07.2017 um 22:32 schrieb Martin Rex:
> Martin Rex wrote:
>> There were a few issues with F5 loadbalancers (that were just forwarding
>> traffic, _not_ acting as reverse proxy) related to a borked F5 option called
>> "FastL4forward", which occasionally caused the F5 box to truncate TCP streams
>> (the box received&ACKed 5 MByte of TCP data towards the TLS Server, but
>> forwarded only 74 KBytes to the client before closing the connection with
>> a TCP FIN towards the TLS client.
>>
>> And once I saw another strange TCP-level data corruption caused by
>> some Riverbed WAN accellerator.
> I forgot to mention how I analyzed the breakage created by the middleboxes:
>
> network capture (tcpdump) with a IP-address capture filter for a dedicated
> client machine was *perfectly* sufficient to determine the TCP-level breakage.
>
> For the F5 cockup, we used a concurrent tcpdump capture on the box in both
> directions, again with IP-address capture filter, in order to prove to the
> vendor that his box is corrupting/truncating the TCP stream between
> TLS client and TLS server.
>
In many companies the app is from one vendor and the loadbalancer from 
another one. Both vendors are telling you the other is causing the 
problem. Then you will have some fun to turn on undocumented app level 
tracing. However the proposed solution will have the same problem when 
the app doesn't support it.

One question to the company proponents, would you allow the end / home 
users the same capabilities? E.g. some equipment at home/cellular  is 
phoning back to the vendor. The owner of the equipment can't see what is 
transferred and need to trust the vendor, so should end users get the 
keys? It can be a similar problem, e.g. the app doesn't work as expected 
and the vendor says this must be the home / cellular network. How to 
proof that it is the app fault and not the home network?

Regards,
Roland

P.S. Be careful as I think preparing for wiretapping and having tools 
for it may already bring you behind bars in Germany, although I think 
this law wasn't used so far.


> -Martin
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email