Re: [TLS] Read-only vs. read-write proxies
Yaron Sheffer <yaronf.ietf@gmail.com> Wed, 03 August 2011 16:52 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007A521F8B50 for <tls@ietfa.amsl.com>; Wed, 3 Aug 2011 09:52:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.417
X-Spam-Level:
X-Spam-Status: No, score=-103.417 tagged_above=-999 required=5 tests=[AWL=0.182, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AV++S6uaSDWS for <tls@ietfa.amsl.com>; Wed, 3 Aug 2011 09:52:29 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 024D321F8B37 for <tls@ietf.org>; Wed, 3 Aug 2011 09:52:28 -0700 (PDT)
Received: by wyj26 with SMTP id 26so797637wyj.31 for <tls@ietf.org>; Wed, 03 Aug 2011 09:52:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=z+pAWt5UscpMjgmDU4fQNL8CGk8+0Re5dWglN8DxzrE=; b=jHgmE/2jle7jLFx1JtuESWF3/xnq9wW4wcRfAtlGjB1jOaWok4dXBfPBBHMJ5lMSgn PS+bDZBIwxPchth7DRRBKyqcCWNbuDkL2C87df1voi4NdExHcQWhVKr6JsyH96QPgqWC st2dEgl42jQnIiEUjH9dclz/bu/TAeECb7Ds4=
Received: by 10.227.174.142 with SMTP id t14mr2363858wbz.59.1312390360119; Wed, 03 Aug 2011 09:52:40 -0700 (PDT)
Received: from [10.0.0.6] (93-173-6-225.bb.netvision.net.il [93.173.6.225]) by mx.google.com with ESMTPS id gb1sm817233wbb.54.2011.08.03.09.52.38 (version=SSLv3 cipher=OTHER); Wed, 03 Aug 2011 09:52:39 -0700 (PDT)
Message-ID: <4E397CD4.5030004@gmail.com>
Date: Wed, 03 Aug 2011 19:52:36 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20110627 Thunderbird/5.0
MIME-Version: 1.0
To: Marsh Ray <marsh@extendedsubset.com>
References: <4E38E69D.3000608@gmail.com> <4E396B8D.7090101@extendedsubset.com>
In-Reply-To: <4E396B8D.7090101@extendedsubset.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Read-only vs. read-write proxies
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 16:52:30 -0000
This is true, but we would like to move forward, possibly towards a
future where mutual authentication is widely used. Either at the TLS
level (similar to TLS-PSK and TLS-SRP), or at the HTTP or app level, as
in the http-auth discussions. The first option would break with a RW
proxy, but would work fine with a RO proxy. The second option would
survive either one without being completely pwned - you don't get the
credentials even if you get the date of the next anti-government
demonstration. Then the question becomes: you trust this proxy to
protect you from getting/sending malware. But do you also trust it to
perform operations on your bank account?
Thanks,
Yaron
On 08/03/2011 06:38 PM, Marsh Ray wrote:
> On 08/03/2011 01:11 AM, Yaron Sheffer wrote:
>>
>> I have not been convinced by David's explanation of the need for R/W
>> proxies, nor by Yoav's use case. A malware detection proxy can drop
>> the connection precisely at the time malware is detected [...] What
>> are the reasons proxies need to modify the stream?
>
> But isn't this distinction between RO and RW interception the kind of
> thing only a transport layer crypto engineer could consider meaningful?
>
> I mean, look at how authentication is handled on the web: form-submit
> passwords and secret session cookies. If the MitM in practice learns all
> the plaintext credentials of the end user, of what consolation is it to
> say that he couldn't actually modify some particular byte stream?
> "Other than that, Mrs. Lincoln, how did you like the play?"
>
> In Tunisia, for example,
> the attacker modified the web page only just enough to capture the
> credentials. His goal was to read the data in transit and the script
> injection was simply a means to that end.
> http://www.cpj.org/internet/2011/01/tunisia-invades-censors-facebook-other-accounts.php
>
>
> Perhaps there are protocols where it makes a meaningful difference, but
> for most stuff riding on TLS I'd wager that 3rd party decryption
> violates such fundamental assumptions that the overall system is
> effectively "pwned".
>
> - Marsh
- [TLS] Read-only vs. read-write proxies Yaron Sheffer
- Re: [TLS] Read-only vs. read-write proxies Marsh Ray
- Re: [TLS] Read-only vs. read-write proxies Yaron Sheffer