Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Tue, 02 September 2014 23:26 UTC

Return-Path: <prvs=4322b3d09f=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 892D41A88FF for <tls@ietfa.amsl.com>; Tue, 2 Sep 2014 16:26:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.867
X-Spam-Level:
X-Spam-Status: No, score=-4.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWgBGZj2YiCg for <tls@ietfa.amsl.com>; Tue, 2 Sep 2014 16:26:34 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id A97C11A88F8 for <tls@ietf.org>; Tue, 2 Sep 2014 16:26:34 -0700 (PDT)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id s82NQXij022011; Tue, 2 Sep 2014 19:26:33 -0400
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "'holz@net.in.tum.de'" <holz@net.in.tum.de>, "'tls@ietf.org'" <tls@ietf.org>
Thread-Topic: [TLS] NULL cipher to become a MUST NOT in UTA BCP
Thread-Index: AQHPxfjrFyzs0NTAq0uDUGuetkiK35vt9W44gABPIQCAACLtAIAAHKCA///6m5s=
Date: Tue, 02 Sep 2014 23:26:33 +0000
Message-ID: <65D2FD736B6B2B48B2EAD2BD189DC9CC20CE23@LLE2K10-MBX01.mitll.ad.local>
In-Reply-To: <54061E6F.6040204@net.in.tum.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [155.34.14.22]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52, 1.0.27, 0.0.0000 definitions=2014-09-03_01:2014-09-02,2014-09-02,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1409020243
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KNv56l8_H__2H1QNlVjC_j-q5Hw
Subject: Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Sep 2014 23:26:36 -0000

Yes I really do know such organizations. You can call it "first hand experience".

Why not "MiTM" - aka "cracked SSL"? My personal take: I prefer my security guarantees - whatever they are - to be end-to-end. Especially integrity/authenticity. And interrupting the flow at the gateway breaks this. There could be other reasons, which I may not know or think of (not working closely with IT). (Also, I hope you didn't miss the "not allowed" part.)

I add that I violently disagree with Paul L., and insist that while NULL ciphers should not be enabled by default - they "must not" be "MUST NOT"-ed.

--
Regards,
Uri Blumenthal                            Voice: (781) 981-1638
Cyber Systems and Technology   Fax:   (781) 981-0186
MIT Lincoln Laboratory                Cell:  (339) 223-5363
244 Wood Street, Lexington, MA 02420-9185       

Web:  http://www.ll.mit.edu/CST/
MIT LL Root CA:  <https://www.ll.mit.edu/labcertificateauthority.html>

----- Original Message -----
From: Ralph Holz [mailto:holz@net.in.tum.de]
Sent: Tuesday, September 02, 2014 03:45 PM
To: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] NULL cipher to become a MUST NOT in UTA BCP

Hi,

>> What could TLS integrity-only protection buy you in that
>> environment?
> 
> Traffic visibility for those who are responsible for monitoring, and
> integrity protection who want tamper detection but don't require (or
> aren't allowed to have) confidentiality.

Is this a real use case? I.e., do you really know
companies/organisations that do this?

> My personal opinion is that VPN should be built upon IPsec, not TLS.
> Unfortunately, the market does not seem to agree. I see (in my
> environment) the need to (sometimes) run a VPN across the corporate
> boundary. One implication is - IT on both sides want to examine the
> traffic, at the same time ensuring nothing is injected into the
> stream.

Why can't they simply monitor on the two gateways?

Or are you suggesting a setup where an organisation fowards internal
traffic via a tunnel, only integrity-protected? Why that?

> I am all for IPsec. Unfortunately, most of the VPNs we're dealing
> with now are TLS-based (and my dislike cannot alter this fact).

I'd disagree with that, but that's another topic. :)

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls