IETF Logo Mail Archive

Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)

"Kampanakis, Panos" <kpanos@amazon.com> Sat, 26 February 2022 04:17 UTC

Return-Path: <prvs=049e0d181=kpanos@amazon.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1558F3A10E3 for <tls@ietfa.amsl.com>; Fri, 25 Feb 2022 20:17:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.708
X-Spam-Level:
X-Spam-Status: No, score=-7.708 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dakY0oUdZNba for <tls@ietfa.amsl.com>; Fri, 25 Feb 2022 20:17:55 -0800 (PST)
Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.190.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21DE13A0443 for <tls@ietf.org>; Fri, 25 Feb 2022 20:17:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1645849076; x=1677385076; h=from:to:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=CPcg8LO0MreXVDS40j6PP3bYc3KJDiQjtvmE8y7OqH4=; b=qdEfWuRJY139pBwXzc99VTfYLI14DLvQ5ixlHoVyMh9KEtapj3xp7k3m lmnLLNVpZkmq2TPkWYRszNqNWFpzSpB6XOBD7k95EXqztcwsl7mo2kleu UGXSIc9jCp4exdUT9FPgjv7lC7RRonSCDNWRBJIQ2tleGBFYPHeDJCe5+ 8=;
X-IronPort-AV: E=Sophos;i="5.90,138,1643673600"; d="scan'208";a="178518431"
Thread-Topic: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-iad-1e-0bfdb89e.us-east-1.amazon.com) ([10.43.8.2]) by smtp-border-fw-33001.sea14.amazon.com with ESMTP; 26 Feb 2022 04:17:39 +0000
Received: from EX13MTAUWB001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38]) by email-inbound-relay-iad-1e-0bfdb89e.us-east-1.amazon.com (Postfix) with ESMTPS id 0C999E0017; Sat, 26 Feb 2022 04:17:37 +0000 (UTC)
Received: from EX13D01ANC002.ant.amazon.com (10.43.157.162) by EX13MTAUWB001.ant.amazon.com (10.43.161.249) with Microsoft SMTP Server (TLS) id 15.0.1497.28; Sat, 26 Feb 2022 04:17:37 +0000
Received: from EX13D01ANC003.ant.amazon.com (10.43.157.68) by EX13D01ANC002.ant.amazon.com (10.43.157.162) with Microsoft SMTP Server (TLS) id 15.0.1497.28; Sat, 26 Feb 2022 04:17:30 +0000
Received: from EX13D01ANC003.ant.amazon.com ([10.43.157.68]) by EX13D01ANC003.ant.amazon.com ([10.43.157.68]) with mapi id 15.00.1497.028; Sat, 26 Feb 2022 04:17:30 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Index: AdghU4+EMFFuriJ+SLKnIIleOIJolAAbmTcAABqFvvAAYN9hgAA1XRbQAD85WIABUUaHkA==
Date: Sat, 26 Feb 2022 04:17:30 +0000
Message-ID: <8fa949930e2041cb81c4d8b9e487bd4c@EX13D01ANC003.ant.amazon.com>
References: <83f923185c3741ccb668826f5b11b0c3@EX13D01ANC003.ant.amazon.com> <CAErg=HFamywTBGriKsVd4eB=yo46Mz2JcKnnjHY8s36f12qEFg@mail.gmail.com> <180543c01fdf439cbdfd8214ec75eb76@EX13D01ANC003.ant.amazon.com> <CAErg=HGufDVCKN+PqPQ80MoVobK0N7ocVjLoDaAyqq5+Bma6TQ@mail.gmail.com> <caa7508995694a56b5b5f632ed8bf49a@EX13D01ANC003.ant.amazon.com> <YhDRHwiTXI6T78+c@LK-Perkele-VII2.locald>
In-Reply-To: <YhDRHwiTXI6T78+c@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.157.4]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LBomeTtd2zWr-ThHkaxBaAKDDJQ>
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Feb 2022 04:17:58 -0000

> I only have some isolated random datapoints on number of disclosed WebPKI ICAs since 2021-02-08 (a bit over year ago), but during that time, that number has grown from 1669 to 1820.

Thx Ilari. Understood. 

We are looking into how we could quantify how the complete ICA list changes over time in order to evaluate TBD3. Probably it would be in the days to weeks timeline than years, but that remains to be seen. Of course that would not cover usecases other than WebPKI, but probably that is the more dynamic one. 



-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of Ilari Liusvaara
Sent: Saturday, February 19, 2022 6:15 AM
To: tls@ietf.org
Subject: RE: [EXTERNAL] [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.



On Sat, Feb 19, 2022 at 03:59:23AM +0000, Kampanakis, Panos wrote:

> - If we can assume an OOB mechanism to load the ICAs then we can 
> simplify things. Practically we can assume there is no failure.
> Agreed, but I am not sure that we should not include any non-normative 
> language for the inadvertent corner case though.
> There should be a fallback, one that we are assuming will never 
> happen, but an implementer should account for it.

It seems to me that the dominant failure modes are:

- Using old ICA list that is missing some newly minted ICA.
- Using custom TA that is missing ICA data.


> - Connection re-establishment affects the security and privacy 
> assumptions and should be captured. I am not sure the concern is worse 
> than the regular fingerprinting text already in the draft, but point 
> taken. We can improve the text and I created an issue for it. 
> https://github.com/csosto-pk/tls-suppress-intermediates/issues/12

Regarding security and privacy, the most severe impact of any attack I can come up with is determining if some arbitrary ICA is on the ICA list or not (for passive attacks, that is restricted to the issuing ICA used by the server). Practical impact of attacker being able to do that depends on how many endpoints share that same ICA list.

Rough outline of the attack (active variant): Fabricate a certificate purporting to be from some ICA, send it to client and observe if the client retries (ICA not on the list) or just fails (ICA is on the list).


> I would be interested to track how that ICA list has been changing 
> over time. Let’s see if we can get data on that for FFs preload list, 
> Filippo’s or others.

I only have some isolated random datapoints on number of disclosed WebPKI ICAs since 2021-02-08 (a bit over year ago), but during that time, that number has grown from 1669 to 1820.



-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email