IETF Logo Mail Archive

Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)

Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 19 February 2022 11:14 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD6243A07DF for <tls@ietfa.amsl.com>; Sat, 19 Feb 2022 03:14:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8eM1zAiWG-Ef for <tls@ietfa.amsl.com>; Sat, 19 Feb 2022 03:14:44 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1b.welho.com [83.102.41.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 318843A07DB for <tls@ietf.org>; Sat, 19 Feb 2022 03:14:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id C8E4A22061 for <tls@ietf.org>; Sat, 19 Feb 2022 13:14:40 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id S6hxHaulFJAz for <tls@ietf.org>; Sat, 19 Feb 2022 13:14:40 +0200 (EET)
Received: from LK-Perkele-VII2 (87-92-216-160.rev.dnainternet.fi [87.92.216.160]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 79B142320 for <tls@ietf.org>; Sat, 19 Feb 2022 13:14:39 +0200 (EET)
Date: Sat, 19 Feb 2022 13:14:39 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <YhDRHwiTXI6T78+c@LK-Perkele-VII2.locald>
References: <83f923185c3741ccb668826f5b11b0c3@EX13D01ANC003.ant.amazon.com> <CAErg=HFamywTBGriKsVd4eB=yo46Mz2JcKnnjHY8s36f12qEFg@mail.gmail.com> <180543c01fdf439cbdfd8214ec75eb76@EX13D01ANC003.ant.amazon.com> <CAErg=HGufDVCKN+PqPQ80MoVobK0N7ocVjLoDaAyqq5+Bma6TQ@mail.gmail.com> <caa7508995694a56b5b5f632ed8bf49a@EX13D01ANC003.ant.amazon.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <caa7508995694a56b5b5f632ed8bf49a@EX13D01ANC003.ant.amazon.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SNrOAxr57Iqjecm3TbXCEzq_f4Q>
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-00.txt (ICA Supression)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2022 11:14:47 -0000

On Sat, Feb 19, 2022 at 03:59:23AM +0000, Kampanakis, Panos wrote:

> - If we can assume an OOB mechanism to load the ICAs then we can
> simplify things. Practically we can assume there is no failure.
> Agreed, but I am not sure that we should not include any
> non-normative language for the inadvertent corner case though.
> There should be a fallback, one that we are assuming will never
> happen, but an implementer should account for it.

It seems to me that the dominant failure modes are:

- Using old ICA list that is missing some newly minted ICA.
- Using custom TA that is missing ICA data.


> - Connection re-establishment affects the security and privacy
> assumptions and should be captured. I am not sure the concern is
> worse than the regular fingerprinting text already in the draft,
> but point taken. We can improve the text and I created an issue
> for it. https://github.com/csosto-pk/tls-suppress-intermediates/issues/12

Regarding security and privacy, the most severe impact of any attack
I can come up with is determining if some arbitrary ICA is on the
ICA list or not (for passive attacks, that is restricted to the issuing
ICA used by the server). Practical impact of attacker being able to do
that depends on how many endpoints share that same ICA list.

Rough outline of the attack (active variant): Fabricate a certificate
purporting to be from some ICA, send it to client and observe if the
client retries (ICA not on the list) or just fails (ICA is on the list).


> I would be interested to track how that ICA list has been changing
> over time. Let’s see if we can get data on that for FFs preload
> list, Filippo’s or others.

I only have some isolated random datapoints on number of disclosed
WebPKI ICAs since 2021-02-08 (a bit over year ago), but during that
time, that number has grown from 1669 to 1820.



-Ilari

v2.23.0 | Report a Bug | By Email