Re: [TLS] datacenter TLS decryption as a three-party protocol

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 20 July 2017 07:33 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Colm MacCárthaigh <colm@allcosts.net>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
Date: Thu, 20 Jul 2017 07:33:33 +0000
Message-ID: <DM2PR21MB00910D605F561667F655D1698CA70@DM2PR21MB0091.namprd21.prod.outlook.com>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <87796a4e-e958-7119-d91a-b564db2cef39@cs.tcd.ie> <3f9e5ccf-2d5f-5182-5b76-ae24f8e7ecb5@akamai.com> <94ba928f-a6e3-5b10-7bd5-94c22deb5827@cs.tcd.ie> <CAPt1N1kDjeWSXucZJmxNr9rpVOh=hZoXknWn+HzL7sOYTXc4mQ@mail.gmail.com> <CAAF6GDcCnf=O64bnVQXnNHXQAQGY3h5RSjDD0sEE=R1ruEzGcA@mail.gmail.com> <cec29b2f-0bac-0758-569d-d341ee81b842@cs.tcd.ie> <CAAF6GDfyTsn9uqxBhFiw0gUo76xtTCS8jhvKruGyFpFRoB=zOw@mail.gmail.com> <DM2PR21MB00915FC926FEE6F64324E62D8CA70@DM2PR21MB0091.namprd21.prod.outlook.com> <CAAF6GDfSk3z4WfGx5GQ_3YqUWcsF76cqG5HVvLEYxobr8CApTg@mail.gmail.com>
In-Reply-To: <CAAF6GDfSk3z4WfGx5GQ_3YqUWcsF76cqG5HVvLEYxobr8CApTg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NvPvs50maXZTGi7XhwamrPq0HXE>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Ah, I get what you’re saying.

DH parameter reuse for performance reasons is not a good thing, and it is not something recommended in the TLS RFCs. But offering standardized ways of exporting/importing keys for wiretapping/surveillance/discovery/analysis purposes is quite different. If a browser were to support this, I would want to avoid using such a browser.

Industry or corporate standards could define key import/export/escrow methods, and certainly SW vendors may choose to support them.
At the IETF, IMHO, we can better contribute by focusing on key protection, non-exportability and attestation.

Cheers,

Andrei

From: Colm MacCárthaigh [mailto:colm@allcosts.net]
Sent: Thursday, July 20, 2017 8:57 AM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol



On Wed, Jul 19, 2017 at 11:40 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
Hi Colm,


  *   Today browsers do turn on wiretapping support in the normal case. There's nothing they can do about it, and it works right now.
This is news to me; which browsers do this (so that I can avoid using them)?

Like I said, all of them. I don't know of a single browser that forces DH-only and insists on unique DH parameters today, and it wouldn't be practical. So if we're going to refer to an operator who has the server's private key using their own key to decrypt traffic as wire-tapping, then in those terms currently all browsers have support for that turned on, as it's part of existing versions of TLS.

--
Colm