IETF Logo Mail Archive

Re: [TLS] datacenter TLS decryption as a three-party protocol

Ted Lemon <mellon@fugue.com> Wed, 19 July 2017 17:55 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 522E0131B87 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 10:55:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Ulk6zb35a41 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 10:55:56 -0700 (PDT)
Received: from mail-pg0-x234.google.com (mail-pg0-x234.google.com [IPv6:2607:f8b0:400e:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E90D8131B76 for <tls@ietf.org>; Wed, 19 Jul 2017 10:55:55 -0700 (PDT)
Received: by mail-pg0-x234.google.com with SMTP id 125so3320775pgi.3 for <tls@ietf.org>; Wed, 19 Jul 2017 10:55:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=BKitumoi0t6e2VR6RCnmMfSYvYiSx78OxEdsHPwFTws=; b=yX6XHCFBzmT7gCCAdQfQ8J2R+WGEs9nlz0ncF7GZBvFG9KYamYN7A1WROAP5ZlQlgs xtc1ByicqZrB3z/ApPYz1HKriP8nfCkz815Cz43Pn/olxUOUhhk+WdmCkv3MYufRp/Qe I364cCKaFQuBCPL0SzVN33PDQHPHYYlK6o34hGqwMRENKh0lxfbjE978v3Udfwy5guCp NoC34Xvlq3s1wWcfVpsmF7y0a/zgRi2dFYx53Pbyl1KpG10vAyL1Vd1Yv7X5+WFV5w3I JQlrwHTpEr39y+LFZAuZIVml8VHO+4W8/AERu0Q4UYTwqRNrwhio9KITIKSHa+aY41kh AIZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=BKitumoi0t6e2VR6RCnmMfSYvYiSx78OxEdsHPwFTws=; b=MjWZfOgJsvots4kyRrhu/eqTUFmpVMMzGe6jJ2hjvnOfRf1zeAIMZT3YOg6DPRPnfy p1XuMaZZESuTNjSd9rMUz/h0WedFumSDyIXkGRPJOs9imIbJMftWN5s8Ujy/fKujFOOI Yvu/mQB1DYuhmyuFM9PidDJ7T9lnBKrovZOsDkxSspjYSIU4BMfQJmFAeGACH1eJZB2w OFg5YNt6CH8f9gkLjHDXEWHcmh8qj4YEyvaLS/orMujS4LhTRrXCKRvCT4wAgKbYJTkF V/VUG+4G3PW6dJS1n4UcSOJ/OVnpkWGjxdjoza4UKXuBciCutf2xjZ4TY7lTNgVep1gf tZIg==
X-Gm-Message-State: AIVw110C3cS98cT1Wj4KZHe7UBd8SYYZgRxKPj0z8ADspsqkZa1pzE8d mHQLWQEoQWpSBkzP1opUmy+8lLWZssPw
X-Received: by 10.98.18.69 with SMTP id a66mr925163pfj.33.1500486955540; Wed, 19 Jul 2017 10:55:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.181.42 with HTTP; Wed, 19 Jul 2017 10:55:15 -0700 (PDT)
In-Reply-To: <CAAF6GDcCnf=O64bnVQXnNHXQAQGY3h5RSjDD0sEE=R1ruEzGcA@mail.gmail.com>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie> <3f9e5ccf-2d5f-5182-5b76-ae24f8e7ecb5@akamai.com> <94ba928f-a6e3-5b10-7bd5-94c22deb5827@cs.tcd.ie> <CAPt1N1kDjeWSXucZJmxNr9rpVOh=hZoXknWn+HzL7sOYTXc4mQ@mail.gmail.com> <CAAF6GDcCnf=O64bnVQXnNHXQAQGY3h5RSjDD0sEE=R1ruEzGcA@mail.gmail.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 19 Jul 2017 19:55:15 +0200
Message-ID: <CAPt1N1=XDBEh4meKLpnZRugEuq4E6HGHUagCpOpEaKM6L819Ug@mail.gmail.com>
To: Colm MacCárthaigh <colm@allcosts.net>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a1145b83af9b7080554af5770"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FbqIbiYoj5sEhhawXrVaPU2Zd80>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 17:55:57 -0000

Sorry, the more I think about how to do this in a way that doesn't make
things worse, the less faith I have that it is possible.   But if you know
of a way to do it, I certainly don't oppose you doing it.   I'm not an
expert: the fact that I don't see how to do it doesn't mean it can't be
done.

On Wed, Jul 19, 2017 at 7:45 PM, Colm MacCárthaigh <colm@allcosts.net>
wrote:

>
>
> On Wed, Jul 19, 2017 at 10:38 AM, Ted Lemon <mellon@fugue.com> wrote:
>
>> The problem is that the actual solution to this problem is to accept that
>> you aren't going to be able to decrypt the streams, and then figure out
>> what to do instead.   Which is work the proponents of not doing that are
>> not interested in doing, understandably, and which is also not the work of
>> this working group.
>>
>> I'm skeptical that there is a way for this working group to solve the
>> proposed problem, but if there is, it involves figuring out a way to do
>> this that doesn't make it easy to MiTM *my* connections, or, say, those
>> of activists in dangerous places.
>>
>
> I find this a very bizarre outcome that works against our collective
> goals. If there is no mechanism at all, then it is quite likely that
> organizations will use static-DH or stay on TLS1.2. Those are bad options,
> in my opinion, because there's no signaling or opt-in to the client. We can
> do much better than that.  Client opt-ins are far from academic. For
> example, browser's incognito modes may refuse to support such sessions, if
> they knew what was going on.
>
> It's also bad if organizations end up deploying static-DH and that means
> we can't do things like checking for changing DH parameters.
>
> It seems like we would be rejecting a good opportunity to make what the
> network operators want work in a better and more secure way, while making
> it harder for passive observers and coercive authorities, to use the same
> mechanism for other purposes. What do we gain? beyond a hollow moral
> victory.
>
> --
> Colm
>

v2.23.0 | Report a Bug | By Email