IETF Logo Mail Archive

[TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks

Devon O'Brien <asymmetric@google.com> Sun, 21 July 2024 22:43 UTC

Return-Path: <asymmetric@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27C01C14F69E for <tls@ietfa.amsl.com>; Sun, 21 Jul 2024 15:43:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -22.609
X-Spam-Level:
X-Spam-Status: No, score=-22.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5r8s9A5kiRJa for <tls@ietfa.amsl.com>; Sun, 21 Jul 2024 15:43:13 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A24C4C14F695 for <tls@ietf.org>; Sun, 21 Jul 2024 15:43:13 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id d75a77b69052e-447df43324fso662351cf.1 for <tls@ietf.org>; Sun, 21 Jul 2024 15:43:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1721601792; x=1722206592; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jld0bNHSCNzzwvZDZqEEHIoO7XZPLtHHqi8xVXPwHL0=; b=TO8d2ziWMQEVQPnLM+zR1Y1wTsykOIYEGOusfBtJfRImn0G0P7trAjzbxliUXNKspM xoF7JEXdaMy3fXBshpZqdJ6VvrCrBiw9EJn2taa46K7yTW+naRj8XzoEGu0FvA/8l+gL XveDLWPaNhurEit+aEhjBC87mF/p9XST5FpGRCTpETyiJQEqy5d05TR5idjVOLk5RS3Y 8zikVetl0ekix7uDcj8pAJn1SVHk+CQ9jN98hrcnXp2CzN1wWjOVKKgaJOOXwpnVFnOm n8DGf7sTFzMp/6Hxbha79sCx33UidrvAV3k7oP1/nQJzowT/EqdFdSgqnox9U/XDkKsN nqRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721601792; x=1722206592; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jld0bNHSCNzzwvZDZqEEHIoO7XZPLtHHqi8xVXPwHL0=; b=TfRdLuViEWz+Bvuzmr6RxiyP/2XHm0AdlHH1lSFldUbsM6JqXCeLVpdJzgHcD6G11m ynZsT/bFREFB/xgYlv5izeq13p2uVzF6UnS0KLMBdobzaV2qEpYonesEcaKec3qbJaKE i1rS1VASpj/VkL0xyl6CFLjhKrI5ML3SUY/abJ5dDr7GBgNBzyY+hind9o9qP92i2RnZ TleqAIr/wO0/JxtbFl7TeApQaH44Eja8eejEWCA9kEdfbY27QWhNJ5d4p2eGqIP/40+d T3mlq2K+MAYCpHJqOWm3bt+kYUqkyAr1Y+0apifHSOBJmkr7HU50Gd12jzK2hcQZIpRA FbsQ==
X-Gm-Message-State: AOJu0YzMI8dqmJvv5ciIQGPh2kGiEUhRZ4Uk++x6DUMMd5Rg0wTn41kW mNAROsy4IkUAG+3Jo74lYexgIuxyTjQSoHBaa4pVIOVXe0fH0nOJisu0k4qrI8DijuCbiHB7KEv 2QsKfx9GIpMoATOEJ9l4f9dtAEQo5qAmQ4VnkFH/mGrKbXhwhGtjbTR8L9w==
X-Google-Smtp-Source: AGHT+IHv9JXweb1ngHegIY50Gj+9BgPI8bj6VcXFsN9NmYOBrz5DlG7s7+UQ5ZM8Ytov/Bu61Ha7qHU3btsMMIraAMg=
X-Received: by 2002:a05:622a:145:b0:447:f21e:4d5b with SMTP id d75a77b69052e-44fa7da333dmr3078801cf.18.1721601792375; Sun, 21 Jul 2024 15:43:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAD2nvsT4qWqudiv1C1wZn6rB4_s-9EDENq5TXEbxr_ygcMFjDQ@mail.gmail.com> <CAChr6Sw+gxK3dO29F9bsLTQReJz6LzT2hZb5O7LAXmKzQbKTSw@mail.gmail.com> <CACf5n7_29CNXLf+SmpKKOWkc_3Oi2BZqZ8irU+z=3btJns_1-Q@mail.gmail.com> <CAChr6SxJ3r88a4Aehv_5fsSWb1JApV6Lg4hfwdm0Oh5x04_shQ@mail.gmail.com> <479BA457-9001-4EBC-A84F-9E3EB71E809F@akamai.com> <CACsn0cmhsh-zeJOaa7xy_2crxgvhAF=nK9FqWxxf1dB2SMhMyQ@mail.gmail.com> <Zpu0reBpH3dtFYdf@LK-Perkele-VII2.locald>
In-Reply-To: <Zpu0reBpH3dtFYdf@LK-Perkele-VII2.locald>
From: Devon O'Brien <asymmetric@google.com>
Date: Sun, 21 Jul 2024 15:43:00 -0700
Message-ID: <CAD2nvsRoqzrq+28M=9uB-y+O3iQ8d5Q9M81P8v2ee-LN2oCW1A@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="00000000000047f8e1061dc9a7aa"
Message-ID-Hash: IE5WDPQTXXYQLL3OSXPCOQ3CTSVFITDK
X-Message-ID-Hash: IE5WDPQTXXYQLL3OSXPCOQ3CTSVFITDK
X-MailFrom: asymmetric@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ebmk0ksF-0q2ZL5VgLz_riSgp1k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

> Yes, if one drops usecases that are valuable to simplify stuff, later
> adding mechanism for those usecases ends up more complex than if one
> had just gone with the originally more complex solution.
>
> And it might be worse than just supporting both: The features could
> interact in bad ways. For example of bad interaction, certificate
> compression versus certificate extensions.
>
> But on the other side there is excessive complexity from trying to solve
> too much (e.g, certificate policies). Or worse, complexity that does not
> serve any actual purpose (e.g., differing representations of IDNs in
> email certificates).
>

This is indeed the exact motivation behind us proposing solutions to
address the broader use case of trust anchor negotiation in TLS.


The primary purpose of trust anchor negotiation is the same as the broader
TLS parameter negotiation problem: allowing client and server to agree on a
mutually-satisfiable decision when configurations differ, but overlap.
Additionally, in a world in which trust anchor negotiation exists, there is
the possibility of improving upon existing TLS PKI pain points exacerbated
by its absence.


There are existing solutions that address a subset of these pain points.
Combining these together risks increasing complexity beyond a single more
complex solution and introduces possible undefined behavior, unexpected
failure modes, etc.


There are also solutions that are theoretically capable of solving the
broader problem, but with barriers to viable deployment (such as
certificate_authorities).


I am deeply sensitive to the pitfall of adding extensibility for
extensibility's sake and feel that the complexity of TE and TAI are a
result of different tradeoffs, of which the WG may prefer one over the
other. As David Benjamin noted, TE pushed complexity away from TLS clients
and servers and towards root programs and CAs, which are both fewer, and
have a well-formed existing relationship. TAI, on the other hand, is able
to be more simply specified at the cost of adding additional dependencies,
such as maintaining fresh and accurate DNS records.


On the whole, we hope the WG will review both proposals and let us know
which set of tradeoffs we collectively prefer so that we can standardize
and deploy a viable negotiation mechanism.


-Devon

v2.37.1 | Report a Bug | By Email | System Status