Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Colm MacCárthaigh <colm@allcosts.net> Sun, 09 July 2017 06:05 UTC

Return-Path: <colm@allcosts.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64B1C127369 for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 23:05:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=allcosts-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fKQA2aCBb3m4 for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 23:04:58 -0700 (PDT)
Received: from mail-yb0-x232.google.com (mail-yb0-x232.google.com [IPv6:2607:f8b0:4002:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C0F812009C for <tls@ietf.org>; Sat, 8 Jul 2017 23:04:58 -0700 (PDT)
Received: by mail-yb0-x232.google.com with SMTP id p207so20353155yba.2 for <tls@ietf.org>; Sat, 08 Jul 2017 23:04:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=allcosts-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NRA/6v32h5xy0SROXZDuf1SnH8hVNQq2MfIqtGi6D3Y=; b=tIpl4UXu8SEVyVwQmaJQMeyW++2shggsM/XhjCSOrkSIJDbnCcSQskNC/mBmMprmIJ KqsNCpHgK+UpidLivRXEGyYdXoGseHdg9S6eBPpnV4Ch4xsb75aQpmqRdjIICIe2BJ/m Kpf3XL4MqRrOvHar+PcSXV3+ADSj8gbHAJJWhMfS4WjtwmvR/pPoawBfOJebyd0ZTj+I z1tJnYFihows09wZNu65/YHF0iDpbCw8W7ZoLYEOnAZuitUJKdoF8BogkgFL0jcE6f8O LG1KHt3yHAqhxBqWQfkLsj+IzZzYxNe5qBGQiEeqVXikoXcmO5wexRoIT10TVvje3YLL fWSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NRA/6v32h5xy0SROXZDuf1SnH8hVNQq2MfIqtGi6D3Y=; b=N9/xMrMrhykdJtt/5m/v1DXkx7xljc6e9riCgQf1UXDZ2ms5gwBAaTKLAl1fuyzlVy 6LtiZz87+Z/razldhIqKQfos3lzLLb13Ii0E/eNQL2JPwIiVSsWpl1wAxwRkTrDqEkDR fwzGlUr72Rn91OO5FtM3XdDq6d+hSKvPFsEZraMCs2bx7VSnlINlTJKMVi78X/YHXRoJ YKbCjImdr0XC7SNrvpTdQyWK3vBZCfNNNiyEiGJgGhElAsh5LG0CsEzS5aQekvaJKJvS JnHNMRjJHo9yNzZ1vXIKPGDhgxXXAmbvsVzFY12NlF1lSnJkFtMUxTWRSW1mjG+CavsQ 2fEw==
X-Gm-Message-State: AIVw110fh3txkH6mKqsCcVq19rw1KLk6Df3UGnV1Gbunc2AXaqyqc8Bj crWrg/8Bl5AK90WeEw4gN1YnK2kYiSgc
X-Received: by 10.37.208.66 with SMTP id h63mr2025400ybg.163.1499580297726; Sat, 08 Jul 2017 23:04:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.27.4 with HTTP; Sat, 8 Jul 2017 23:04:56 -0700 (PDT)
In-Reply-To: <CACsn0cnQUVbTAz7u+wziJgbi1wSyWn63uoHB=AeUb05BE83Gvg@mail.gmail.com>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAL02cgRJeauV9NQ2OrGK1ocQtg-M2tbWm2+5HUc4-Wc8KC3vxQ@mail.gmail.com> <71E07F32-230F-447C-B85B-9B3B4146D386@vigilsec.com> <39bad3e9-2e17-30f6-48a7-a035d449dce7@cs.tcd.ie> <CAJU8_nXBFkpncFDy4QFnd6hFpC7oOZn-F1-EuBC2vk3Y6QKq3A@mail.gmail.com> <f0554055-cdd3-a78c-8ab1-e84f9b624fda@cs.tcd.ie> <A0BEC2E3-8CF5-433D-BA77-E8474A2C922A@vigilsec.com> <658a6b50-54a7-600a-2f6a-480daf2321dc@cs.tcd.ie> <F830F0DA-F3F1-4A61-8B42-100D31E6F831@vigilsec.com> <1ebb85c3-842e-36f6-ccd5-da7074342118@cs.tcd.ie> <E639C60A-D90C-46C2-9A18-5D02D6EBD9E4@vigilsec.com> <d16833ed-3b6b-3685-e109-1673f69c67a5@cs.tcd.ie> <5CF364CB-96E1-4103-9C83-81187897F5F3@vigilsec.com> <4f733022-dabb-53a2-2eb7-425134c137f8@huitema.net> <CACsn0ck8P0Dn3L_tmVmmAez=xo0hmFxQEqkfqw+O7ZzcHpwtTw@mail.gmail.com> <CY4PR14MB13689ABCC728747E9B999AEFD7AB0@CY4PR14MB1368.namprd14.prod.outlook.com> <kokbii6v34dsk060vpa2if7u.1499483924916@emailplus.mobileiron.com> <B63E3C2C-CA56-442B-829A-9A9985235D1D@gmail.com> <CACsn0cnQUVbTAz7u+wziJgbi1wSyWn63uoHB=AeUb05BE83Gvg@mail.gmail.com>
From: =?UTF-8?Q?Colm_MacC=C3=A1rthaigh?= <colm@allcosts.net>
Date: Sat, 8 Jul 2017 23:04:56 -0700
Message-ID: <CAAF6GDd4a57H_TS5hERc=mk+=d0q7Y0h5CNSNBpVhoD7a6DgnQ@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Yoav Nir <ynir.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0553ccf571960553dc3e94"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ns6SIEZUmohsmhPoWPbY0G8vU0Y>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Jul 2017 06:05:00 -0000

On Sat, Jul 8, 2017 at 9:27 AM, Watson Ladd <watsonbladd@gmail.com>; wrote:
>
> > They also don’t want to install TLS proxies all over the place.  That’s a
> > large extra expense for them.
>
> Nginx exists. What's the blocker?


Here's how these networks work today:

* Key servers are configured to use RSA KX, no DH.
* In some cases, all outbound (e.g. internet) connectivity is also proxied
via such a server. Clients are made to trust a private CA for this purpose.
* All data is not necessarily logged or stored somewhere, and almost
certainly not in the plain, as that would increase over-all risk.
* Admins use port-mirrors and tools like tcpdump to investigate/scan
suspicious flows from time to time, or as part of a targeted investigation.
Occasionally it might also be used for debugging. The RSA keys can be used
to render the connections plain on demand.
* That doesn't mean that the RSA private keys are readily available, they
are often very tightly controlled.

Migrating to proxies would:

* Be a very big operational change. Gotta get nginx on all of the boxes, is
that even possible?
* Completely change the access mechanisms, invalidate almost all of the
operational controls.
* Probably more than double the basic compute costs associated with
encryption.
* Create more sensitive environments where plaintext is floating around.


That doesn't mean that these vendors/operators are owed a solution, or an
easy-to-insert more-or-less-compatible-with-today mechanism. But it does
help assess whether they are really likely to adopt TLS1.3 to begin with.

-- 
Colm