Re: [TLS] security considerations for draft-rescorla-tls-subcerts
Benjamin Kaduk <bkaduk@akamai.com> Tue, 04 April 2017 23:02 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66D971271DF for <tls@ietfa.amsl.com>; Tue, 4 Apr 2017 16:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id boG5x4vcsXaI for <tls@ietfa.amsl.com>; Tue, 4 Apr 2017 16:02:38 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id BF030129421 for <tls@ietf.org>; Tue, 4 Apr 2017 16:02:36 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 2A849200017; Tue, 4 Apr 2017 23:02:36 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id 1433F200001; Tue, 4 Apr 2017 23:02:36 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1491346956; bh=BfbVUjXl/rCCrGq/t8LvHVcxN/UcgyECw5fLhvS2qvg=; l=7341; h=To:References:From:Date:In-Reply-To:From; b=JIq+P/2Gf87PnvBGPSKakDGT/JhyRaYha7e2pK4sZSnmezG281a8ojF5VJfI/tBp/ PqVnE3HFW60CfnzMnO5S94AJuJXqmnyBxKx6CBZw/0KPTO4BeuC8Es2ST3n1TPV0h3 PofYx9m0f0kECRXJOisF4uljbMT9xwdoOV22F43s=
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id 9C34F1E08C; Tue, 4 Apr 2017 23:02:35 +0000 (GMT)
To: Subodh Iyengar <subodh@fb.com>, Brian Sniffen <bsniffen@akamai.com>, "tls@ietf.org" <tls@ietf.org>
References: <m27f362zxm.fsf@dhcp-89ad.meeting.ietf.org> <MWHPR15MB1455F0758BE196CAB4BDF8BDB6360@MWHPR15MB1455.namprd15.prod.outlook.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <c5799647-4568-4cbf-1708-52934a961f67@akamai.com>
Date: Tue, 04 Apr 2017 18:02:35 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <MWHPR15MB1455F0758BE196CAB4BDF8BDB6360@MWHPR15MB1455.namprd15.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------1ADC185C14B1BCF1609F48EA"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Hf8yGSB_yoE74Sl8omQz9hWzbts>
Subject: Re: [TLS] security considerations for draft-rescorla-tls-subcerts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Apr 2017 23:02:40 -0000
On 04/01/2017 07:13 PM, Subodh Iyengar wrote: > Thanks for your question Brian. > > The motivation behind delegated credentials is to create a more > reasonable deployment model for short lived credentials. My apologies for being blunt, but that text reads like a solution in search of a problem. That is, what is expected to be achieved by having shorter-lived credentials? Is there a threat model for which having them brings security advantages, or are there operational concerns, or ... ? > [....] > This led us to think of whether we could deploy short lived > credentials with another approach. Once you can deploy short lived > credentials we found several use cases for these: > > * Removing private keys from currently trusted hosts and keeping them > in even more secure locations. In this way you could increase security > by moving keys from places they currently exist. > * You could make a security / performance by giving delegated > credentials to your less trusted locations where you could make the > tradeoff that if one of these is stolen it's valid only for a very > short period of time. > > I'm not too familiar with the cloud provider to service owner > trust model, but your idea of giving the cloud provider a delegated > credential instead of a longer lived certificate key sounds great. > > Delegated credentials bounds time, however if used with other > mechanisms you can make security protections even more robust. For > example you could give your cloud provider a delegated credential > bound to a certificate with a different origin. If you find that > something bad has happened you can stop routing traffic to that origin > as well. > These are also some useful analysis, but still leaves me wondering what the actual goal to be achieved is. Put another way, I assume that there is some attacker with some capabilities that will be stymied in some way by the deployment of delegated credentials, as compared to having real certificates/keys deployed to the machines that are going to get delegated credentials on them. But what benefit, and what are the attacker's capabilities? There is also an alternate world in which the TLS terminators should not have certificates/keys on them but it is okay to give them delegated credentials. Here, one benefit is clear: performance. But the attacker capabilities against which this is supposed to be useful/acceptable remain unclear. Can you share some more thoughts about which of these two pictures you have in mind, and what the attacker capabilities are in that scenario? Thanks, Ben
- [TLS] security considerations for draft-rescorla-… Brian Sniffen
- Re: [TLS] security considerations for draft-resco… Subodh Iyengar
- Re: [TLS] security considerations for draft-resco… Benjamin Kaduk
- Re: [TLS] security considerations for draft-resco… Simon Friedberger
- Re: [TLS] security considerations for draft-resco… Salz, Rich
- Re: [TLS] security considerations for draft-resco… Simon Friedberger
- Re: [TLS] security considerations for draft-resco… Subodh Iyengar
- Re: [TLS] security considerations for draft-resco… Benjamin Kaduk
- Re: [TLS] security considerations for draft-resco… Stephen Farrell
- Re: [TLS] security considerations for draft-resco… Subodh Iyengar
- Re: [TLS] security considerations for draft-resco… Simon Friedberger
- Re: [TLS] security considerations for draft-resco… Stephen Farrell
- Re: [TLS] security considerations for draft-resco… Watson Ladd