Re: [TLS] OpSec WGLC for draft-ietf-opsec-ns-impact

Nick Lamb <njl@tlrmx.org> Thu, 20 August 2020 23:39 UTC

Return-Path: <njl@tlrmx.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3AF63A149D; Thu, 20 Aug 2020 16:39:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tlrmx.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IGzgB-gXZg6y; Thu, 20 Aug 2020 16:39:58 -0700 (PDT)
Received: from brown.elm.relay.mailchannels.net (brown.elm.relay.mailchannels.net [23.83.212.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 158053A149C; Thu, 20 Aug 2020 16:39:57 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|njl@tlrmx.org
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DE9E2541193; Thu, 20 Aug 2020 23:39:56 +0000 (UTC)
Received: from pdx1-sub0-mail-a69.g.dreamhost.com (100-96-9-79.trex.outbound.svc.cluster.local [100.96.9.79]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 15F54541676; Thu, 20 Aug 2020 23:39:56 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|njl@tlrmx.org
Received: from pdx1-sub0-mail-a69.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.8); Thu, 20 Aug 2020 23:39:56 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|njl@tlrmx.org
X-MailChannels-Auth-Id: dreamhost
X-Fumbling-Attack: 7851003129eb71e1_1597966796562_3946682550
X-MC-Loop-Signature: 1597966796561:1992449385
X-MC-Ingress-Time: 1597966796561
Received: from pdx1-sub0-mail-a69.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a69.g.dreamhost.com (Postfix) with ESMTP id A0BA28431B; Thu, 20 Aug 2020 16:39:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=tlrmx.org; h=date:from:to :cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=tlrmx.org; bh=BhUX+Yg Bj8xZjQp2+T3IRJdyAR0=; b=joq36NUMWqurH9N4tQyH2GMAu74YrU3Z+n0c/rn IxvCR6BbX0gMm/4ijI9/78I8gQ+sBrE/HqDBixDsl8GPdQuPdpgwNI3NMtmEJmDK 444DSrZ+GUZM6BGAxwiQYO70Qstro5TWBroLSNAKv8PldgXZFyem79coFa5pALB0 1QCk=
Received: from totoro.tlrmx.org (124.89.2.81.in-addr.arpa [81.2.89.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: njl@tlrmx.org) by pdx1-sub0-mail-a69.g.dreamhost.com (Postfix) with ESMTPSA id 0B1AE7FF29; Thu, 20 Aug 2020 16:39:52 -0700 (PDT)
Date: Fri, 21 Aug 2020 00:39:48 +0100
X-DH-BACKEND: pdx1-sub0-mail-a69
From: Nick Lamb <njl@tlrmx.org>
To: Roelof DuToit <r@nerd.ninja>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "opsec@ietf.org" <opsec@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20200821003948.04bc5308@totoro.tlrmx.org>
In-Reply-To: <387460EC-D00A-4D12-9E12-713E9E0049B1@nerd.ninja>
References: <20200817163938.07580cee@totoro.tlrmx.org> <2B1FF3B4-949A-4A29-ABDC-B2B91878B947@cisco.com> <20200819234314.29c3bbdc@totoro.tlrmx.org> <387460EC-D00A-4D12-9E12-713E9E0049B1@nerd.ninja>
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduiedrudduuddgvdehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfgjfhfogggtgfesthejredtredtvdenucfhrhhomheppfhitghkucfnrghmsgcuoehnjhhlsehtlhhrmhigrdhorhhgqeenucggtffrrghtthgvrhhnpeetjeeludefvddtkeffgffgudfgveffffegtdeuleffkedvvedvfedvjedvleelueenucfkphepkedurddvrdekledruddvgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehtohhtohhrohdrthhlrhhmgidrohhrghdpihhnvghtpeekuddrvddrkeelrdduvdegpdhrvghtuhhrnhdqphgrthhhpefpihgtkhcunfgrmhgsuceonhhjlhesthhlrhhmgidrohhrgheqpdhmrghilhhfrhhomhepnhhjlhesthhlrhhmgidrohhrghdpnhhrtghpthhtohepthhlshesihgvthhfrdhorhhg
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QEQSVeNUtX7AcN7r02xpUrYOlfE>
Subject: Re: [TLS] OpSec WGLC for draft-ietf-opsec-ns-impact
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2020 23:40:00 -0000

On Thu, 20 Aug 2020 09:58:58 -0400
Roelof DuToit <r@nerd.ninja> wrote:

> As co-author I am not a proponent of passive TLS inspection - not
> least because of the ossification implications.  It cannot be labeled
> as ineffective though (see further comments below), even if the
> document strongly hints at not using passive TLS inspection in a
> post-TLS-1.2 world.

Mostly I endorse Ekr's comment that a document like this should
actually spell out any convolutions and conditions necessary to the
effective use of passive inspection. I would try to find time to
examine a revised document that did this.

But I do want to address one such in particular now:

> 1. Policy-based control over the use of RSA key exchange.  It should
> not be allowed.

Qualys estimates that when TLS 1.3 was finalised RSA was required for
about 5.7% of web sites (it had been larger previously). That's a
pretty huge caveat.

The same document we're discussing, draft-ietf-opsec-ns-impact-02
actually several times relies upon RSA key exchange (in section 5.3) for
methods it says will now be impacted by TLS 1.3 because that doesn't
allow RSA key exchange.

As written there's no problem, but it seems to me that if you add a
condition saying to disallow RSA key exchange in section 5.1, this has
the effect of implicitly rebuking this approach from section 5.3.

That would be a little bit silly in a single document but it's even
sillier when you recall that actually products in this space straddle
both categories.

Nick.