Re: [TLS] datacenter TLS decryption as a three-party protocol
Andrei Popov <Andrei.Popov@microsoft.com> Thu, 20 July 2017 07:33 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D558126B72 for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 00:33:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2uY49KtHgi1W for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 00:33:35 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0099.outbound.protection.outlook.com [104.47.40.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8526A126557 for <tls@ietf.org>; Thu, 20 Jul 2017 00:33:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BCqcA0bqQ/a92LxVIfGrhBEJFcIg05kKT0ZPnWMbpng=; b=gyXYUHmpWAejlfTDl7yHBPkdmNJJMXc+t2ykR+CBXz/N6nHpXNaWjmRijMwLWB3oFgrgf93O2r9zTJnT8ibZK+SBgEGAnAcYbyEi8517NXnxM3M8nsRHrXGoAHhKOA8I4w6J9xfTo3sIsCdjSathwmMEuSnUUYGZFMu+WQUWurM=
Received: from DM2PR21MB0091.namprd21.prod.outlook.com (10.161.141.14) by DM2PR21MB0089.namprd21.prod.outlook.com (10.161.141.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.7; Thu, 20 Jul 2017 07:33:33 +0000
Received: from DM2PR21MB0091.namprd21.prod.outlook.com ([fe80::c8c3:4f7d:e655:1fb2]) by DM2PR21MB0091.namprd21.prod.outlook.com ([fe80::c8c3:4f7d:e655:1fb2%13]) with mapi id 15.01.1304.007; Thu, 20 Jul 2017 07:33:33 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Colm MacCárthaigh <colm@allcosts.net>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] datacenter TLS decryption as a three-party protocol
Thread-Index: AQHTAJBeA74CtGrHzkK8oKin6MaiBqJbXOSAgAAClACAAAm5AIAAAWoAgAAB0ICAAFVOAIAABBqAgAB+TgCAAAWGgIAAADdw
Date: Thu, 20 Jul 2017 07:33:33 +0000
Message-ID: <DM2PR21MB00910D605F561667F655D1698CA70@DM2PR21MB0091.namprd21.prod.outlook.com>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie> <3f9e5ccf-2d5f-5182-5b76-ae24f8e7ecb5@akamai.com> <94ba928f-a6e3-5b10-7bd5-94c22deb5827@cs.tcd.ie> <CAPt1N1kDjeWSXucZJmxNr9rpVOh=hZoXknWn+HzL7sOYTXc4mQ@mail.gmail.com> <CAAF6GDcCnf=O64bnVQXnNHXQAQGY3h5RSjDD0sEE=R1ruEzGcA@mail.gmail.com> <cec29b2f-0bac-0758-569d-d341ee81b842@cs.tcd.ie> <CAAF6GDfyTsn9uqxBhFiw0gUo76xtTCS8jhvKruGyFpFRoB=zOw@mail.gmail.com> <DM2PR21MB00915FC926FEE6F64324E62D8CA70@DM2PR21MB0091.namprd21.prod.outlook.com> <CAAF6GDfSk3z4WfGx5GQ_3YqUWcsF76cqG5HVvLEYxobr8CApTg@mail.gmail.com>
In-Reply-To: <CAAF6GDfSk3z4WfGx5GQ_3YqUWcsF76cqG5HVvLEYxobr8CApTg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: allcosts.net; dkim=none (message not signed) header.d=none; allcosts.net; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:67c:1232:184:f5ce:6e9b:d5c1:2697]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM2PR21MB0089; 7:bR/3DcpqJTicvnW3y0UgceuA4+4dBgRjaeUzfWchnb9FGXQ3S+nWCsQlLVztigjHxB0HGrXY0EHy7ztLUUvRKNi9QR/6pi7ItGW0eYpWF30bCxadv/IzThGuoP/D/25Tg7eRB6M5VuzLVy+iqk849cF5gMptP9XymdLD8itA/f0xHTGY8+VfgT8TEwj3k68pQXGsYdfA8/jAsHjCFHa5hzRZ4+1424Of9nkr1v0UYqW4pboUaemtRHQHvDZjo7xqDs+OIs/cxs3rZ1+anrFlDYruKoeTLPuEh9+10eHgli656V7g6dMKH6y7znztWx4hlQmvE1EmD1cNmV/8SXBH5ZU1kvv0Jm3JJ4ZT2g2FaHh83USlz6PpGoeEMy+GKnhOPInuRoHP3fjm+EvLXc6Tr3aTOApVGOXJbAyHW4z+wRDMwyh3ZAmGjqvXjPIUqz9NbL2kEs6iDsY20oU0y5BeajMZIADHChPF+gNMK/ZNFXAN9EXMV16otRyj1ZB9TeCtJ+/RJYe+8S1DOp6vEXLSeumI+AIsIEUaTJYOcLP3H904X+3EBXKVdQMWMxc68wmmg2DrJhQXi7Kb/bs1x2o0kEVILVaZXp3vtwzXUIO5yiQ5RMs4skOC5Wi7EBlNJ7yxytfwd1Y2NBemvvR6+20hAjzhbrDgfgG/czvXEokAkC3XLuLhCPUzYZon9By5L/KcguFSV0QBzNqusKCZslJaG81Z5VEpUxG9/AKePIAeD6slz/qukvavnv/tka3ocDZbrq93HBGVfVkg0ncsP0eUdP+xzf8ipjfySxyc6K10JioxG588Wft9zeva44z9Iwkq
x-ms-office365-filtering-correlation-id: fa1f2a62-b7e4-449b-a196-08d4cf41a073
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(48565401081)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM2PR21MB0089;
x-ms-traffictypediagnostic: DM2PR21MB0089:
x-exchange-antispam-report-test: UriScan:(151999592597050)(32856632585715)(158342451672863)(133145235818549)(26388249023172)(236129657087228)(148574349560750)(21748063052155);
x-microsoft-antispam-prvs: <DM2PR21MB0089DD0A0A89227B48D710B48CA70@DM2PR21MB0089.namprd21.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(601004)(2401047)(8121501046)(5005006)(2017060910075)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(61426038)(61427038)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123562025)(20161123564025)(20161123560025)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR21MB0089; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR21MB0089;
x-forefront-prvs: 0374433C81
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400002)(39400400002)(39450400003)(39840400002)(39860400002)(39410400002)(24454002)(377454003)(38730400002)(55016002)(99286003)(6436002)(93886004)(6916009)(229853002)(54906002)(10290500003)(6246003)(110136004)(53936002)(6306002)(54896002)(9686003)(236005)(5250100002)(74316002)(25786009)(86362001)(2900100001)(4326008)(53546010)(72206003)(7736002)(2950100002)(14454004)(478600001)(19609705001)(33656002)(102836003)(5660300001)(54356999)(50986999)(76176999)(8936002)(7696004)(8676002)(81166006)(189998001)(3660700001)(2906002)(10090500001)(790700001)(6506006)(6116002)(3280700002)(5005710100001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR21MB0089; H:DM2PR21MB0091.namprd21.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM2PR21MB00910D605F561667F655D1698CA70DM2PR21MB0091namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2017 07:33:33.6432 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR21MB0089
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NvPvs50maXZTGi7XhwamrPq0HXE>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 07:33:38 -0000
Ah, I get what you’re saying. DH parameter reuse for performance reasons is not a good thing, and it is not something recommended in the TLS RFCs. But offering standardized ways of exporting/importing keys for wiretapping/surveillance/discovery/analysis purposes is quite different. If a browser were to support this, I would want to avoid using such a browser. Industry or corporate standards could define key import/export/escrow methods, and certainly SW vendors may choose to support them. At the IETF, IMHO, we can better contribute by focusing on key protection, non-exportability and attestation. Cheers, Andrei From: Colm MacCárthaigh [mailto:colm@allcosts.net] Sent: Thursday, July 20, 2017 8:57 AM To: Andrei Popov <Andrei.Popov@microsoft.com> Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol On Wed, Jul 19, 2017 at 11:40 PM, Andrei Popov <Andrei.Popov@microsoft.com<mailto:Andrei.Popov@microsoft.com>> wrote: Hi Colm, * Today browsers do turn on wiretapping support in the normal case. There's nothing they can do about it, and it works right now. This is news to me; which browsers do this (so that I can avoid using them)? Like I said, all of them. I don't know of a single browser that forces DH-only and insists on unique DH parameters today, and it wouldn't be practical. So if we're going to refer to an operator who has the server's private key using their own key to decrypt traffic as wire-tapping, then in those terms currently all browsers have support for that turned on, as it's part of existing versions of TLS. -- Colm
- [TLS] datacenter TLS decryption as a three-party … Benjamin Kaduk
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Kyle Rose
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Kyle Rose
- Re: [TLS] datacenter TLS decryption as a three-pa… Roland Zink
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Yoav Nir
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Derrell Piper
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Benjamin Kaduk
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… BITS Security
- Re: [TLS] datacenter TLS decryption as a three-pa… Martin Rex
- Re: [TLS] datacenter TLS decryption as a three-pa… Martin Rex
- Re: [TLS] datacenter TLS decryption as a three-pa… Salz, Rich
- Re: [TLS] datacenter TLS decryption as a three-pa… Roland Zink
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Tony Arcieri
- Re: [TLS] datacenter TLS decryption as a three-pa… Andrei Popov
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Andrei Popov
- Re: [TLS] datacenter TLS decryption as a three-pa… Salz, Rich
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Colm MacCárthaigh
- Re: [TLS] datacenter TLS decryption as a three-pa… Martin Rex
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Ilari Liusvaara
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Ilari Liusvaara
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Christian Huitema
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Jeffrey Walton
- Re: [TLS] datacenter TLS decryption as a three-pa… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] datacenter TLS decryption as a three-pa… Felix Wyss
- Re: [TLS] datacenter TLS decryption as a three-pa… Ted Lemon
- Re: [TLS] datacenter TLS decryption as a three-pa… Stephen Farrell
- Re: [TLS] datacenter TLS decryption as a three-pa… Brian Sniffen
- Re: [TLS] datacenter TLS decryption as a three-pa… Kyle Rose
- Re: [TLS] datacenter TLS decryption as a three-pa… Paul Turner
- Re: [TLS] datacenter TLS decryption as a three-pa… Brian Sniffen
- Re: [TLS] datacenter TLS decryption as a three-pa… Paul Turner
- Re: [TLS] datacenter TLS decryption as a three-pa… Kyle Rose
- Re: [TLS] datacenter TLS decryption as a three-pa… Sean Turner
- Re: [TLS] datacenter TLS decryption as a three-pa… Ilari Liusvaara