Re: [TLS] datacenter TLS decryption as a three-party protocol

Colm MacCárthaigh <colm@allcosts.net> Wed, 19 July 2017 23:05 UTC

Return-Path: <colm@allcosts.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2501200F3 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 16:05:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=allcosts-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id anyBunvIz_r4 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 16:05:15 -0700 (PDT)
Received: from mail-yb0-x235.google.com (mail-yb0-x235.google.com [IPv6:2607:f8b0:4002:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CDE112778E for <tls@ietf.org>; Wed, 19 Jul 2017 16:05:15 -0700 (PDT)
Received: by mail-yb0-x235.google.com with SMTP id c127so2512362ybf.4 for <tls@ietf.org>; Wed, 19 Jul 2017 16:05:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=allcosts-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ONv24w0xHscV3/XLYbWChFio6npzBJNwrjZANFt2fQA=; b=0yIWbI6IwZGv7UdBT0d42KN0Dd+39lx5dOxk9+Ob86qRs/jkdfOwhz84znnfGiticR zY7Wb+h+CBaFtnP+oX2jvoeUfilU2eZ15aVvE601xUtuw82Ub/UBamkO6mW9CGbtKnXi z5wwVa5Te+V/eRkOZTn5oVpkFLMtvl4uodctTnXT/Q6iZBwHv3mBWZI4RX38n1Z3Oj35 Puq8m2rtb1711QmNzsPQtfVH8FyYih+QtzUYhrrHquxalHAxlA0plyQ7C6NhoSqlCmXr 1QDbRTTtTGqsotwsd1n8AdSeeZpbmVUFIiA6NT3qF22V6oG+7YRreXCcZn+n77rXvI0O H2Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ONv24w0xHscV3/XLYbWChFio6npzBJNwrjZANFt2fQA=; b=EDbTxy+TUo7zB4MSDxKT5fRZmyeeKC+3Opx+DiXTtiq6IyzaGYVEr7s/XoTIIyiFLf UthsE06TJHGjEqOWHX5l83vZhGhoVpSLT2zyKMrdLxzAcqU9fInOUl2wMg+JjsstpS7e UIhq/59icJCYxhU8AF+l0ZzI9kUq+/r1cwQVwjTDje7c3AvZuPEyp51krNeEkcsirQPx d6Jy1P2LNFMq70vJWve3MwXV+YRQ98EHGcfxJHCbWOtTzP6hF5UdTFo3q8fR38mQ+LTl WXzJtAWZ5um7rpg7k1tUhiDjt16FgsnRb13x8eIzjtNSuOUnJZbd/LdLoJxYtX4DIUBx u7iw==
X-Gm-Message-State: AIVw113qAHunfN82w5Oj2tQn8VtBAug6NIYDp4znFYTKBTOPDrvPGGfo 5xP1TGr2yDTzreb9mbRUA8KxSIzRt5qlxIU=
X-Received: by 10.37.220.74 with SMTP id y71mr1659983ybe.220.1500505514344; Wed, 19 Jul 2017 16:05:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.27.4 with HTTP; Wed, 19 Jul 2017 16:05:13 -0700 (PDT)
In-Reply-To: <cec29b2f-0bac-0758-569d-d341ee81b842@cs.tcd.ie>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie> <3f9e5ccf-2d5f-5182-5b76-ae24f8e7ecb5@akamai.com> <94ba928f-a6e3-5b10-7bd5-94c22deb5827@cs.tcd.ie> <CAPt1N1kDjeWSXucZJmxNr9rpVOh=hZoXknWn+HzL7sOYTXc4mQ@mail.gmail.com> <CAAF6GDcCnf=O64bnVQXnNHXQAQGY3h5RSjDD0sEE=R1ruEzGcA@mail.gmail.com> <cec29b2f-0bac-0758-569d-d341ee81b842@cs.tcd.ie>
From: Colm MacCárthaigh <colm@allcosts.net>
Date: Wed, 19 Jul 2017 16:05:13 -0700
Message-ID: <CAAF6GDfyTsn9uqxBhFiw0gUo76xtTCS8jhvKruGyFpFRoB=zOw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Ted Lemon <mellon@fugue.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c18f3282aac8a0554b3aa17"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Lay_5c4F_Uzt3MDZHjM5RyppgjA>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 23:05:17 -0000

On Wed, Jul 19, 2017 at 3:50 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

> That is a perfect example of the hideous dangers of all of this.
> The implication in the above is that browsers would/should turn
> on wiretapping support in the normal case.
>

Today browsers do turn on wiretapping support in the normal case. There's
nothing they can do about it, and it works right now.

If static-DH is permitted, and I don't mean if we release a document
describing it, I mean if we don't forbid static DH parameters; this will
also continue to be the case. My take: I think we should forbid static DH
for this reason.

Next, if proxies are deployed as the mechanism, this will also continue to
be the case. Again, nothing a browser can do, and I argue that real-world
security is left much much worse for users too.

On the other hand, if we standardize a signaled, opt-in, mechanism; then
browsers have more fine-grained options. I suspect that browsers would NOT
support this by default, just as they don't accept private CAs by default.
Instead the browser would have to configured per a corporate policy. But
they could /also/ choose to disable incognito mode in such circumstances,
to be more fair to end-users. It's an example of something that can't be
done today at all.

Such a mode is likely fine for the corporate users and what they want, but
is not so useful for intelligence agencies and so on, precisely because its
signaled and a bit more transparent. In real world terms, I would regard it
much /less/ likely to create the kind of MITM infrastructure that's useful
for that case.

-- 
Colm