Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Watson Ladd <watsonbladd@gmail.com> Sat, 08 July 2017 01:39 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 7 Jul 2017 18:39:42 -0700
To: Christian Huitema <huitema@huitema.net>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Fk088IMWV0l1eJhlY2y42qNs4tY>

On Fri, Jul 7, 2017 at 6:10 PM, Christian Huitema <huitema@huitema.net> wrote:
>
>
> On 7/7/2017 2:54 PM, Russ Housley wrote:
>> Stephen:
>> ...
>>> And also: I'm sorry to have to say it, but I consider that
>>> attempted weasel wording around the clear intent of 2804. The
>>> clear and real effect if your wiretapping proposal were standardised
>>> by the IETF would be that we'd be standardising ways in which
>>> TLS servers can be compelled into breaking TLS - it'd be a standard
>>> wiretapping API that'd be insisted upon in many places and would
>>> mean significantly degrading TLS (only *the* most important
>>> security protocol we maintain) and the community's perception
>>> of the IETF. It's all a shockingly bad idea.
>> I clearly disagree.  Otherwise, I would not have put any work into the draft.
> Russ,
>
> What are the specific mechanisms that would allow this technique to be
> used where you intend it, i.e. within a data center, and not where
> Stephen fears it would be, i.e., on the broad Internet? For example,
> what mechanism could a client use to guarantee that this sort of
> "static DH" intercept could NOT be used against them?

The server can send the plaintext to whomever it likes.

This is the solution enterprises can use today. Nothing can stop that
from happening. So I don't see why static DH is a) so essentially
necessary and b) so controversial.

From a technical point I prefer using DH shares derived from
ServerRandom as this avoids certain bugs I've been known to exploit
from time to time.

>
> --
> Christian Huitema



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.