Re: [TLS] Four concerns (was Re: draft-rhrd-tls-tls13-visibility at IETF101)

Russ Housley <housley@vigilsec.com> Wed, 14 March 2018 19:28 UTC

To: Rich Salz <rsalz@akamai.com>
Cc: IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Kos8Kq_0ivzBT6ISL4KwJ-BYSr0>

> On Mar 14, 2018, at 9:42 AM, Salz, Rich <rsalz@akamai.com> wrote:
> 
> 
>> So aside from enabling MitM, this also enables session resumption by
>> the decryption service, something that the security considerations
>> neglects to include in its list.
> 
> So I think this is an important point.  I assume the authors did not realize this. That shows how hard, and risky, it is to get this right.  In the US, we have been having arguments where the national police force (FBI) is insisting that tech companies can create a "golden key" that only they can use, and the security people are saying it is impossible.  This seems like another instance, no?
> 
> Oh heck, let me ask the uncomfortable question:  Russ, did you know this or was Martin's point new to you?

I think my reply to Martin already shows that I missed the point about resumption.  I was trying to send the smallest amount of data; I should have made sure the things needed for resumption were not included.

Russ