IETF Logo Mail Archive

Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 14 July 2017 06:24 UTC

Return-Path: <prvs=83687b9b62=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA17C12EC02 for <tls@ietfa.amsl.com>; Thu, 13 Jul 2017 23:24:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vB0T99QJkP5H for <tls@ietfa.amsl.com>; Thu, 13 Jul 2017 23:24:53 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF73128B93 for <tls@ietf.org>; Thu, 13 Jul 2017 23:24:53 -0700 (PDT)
Received: from LLE2K10-HUB01.mitll.ad.local (LLE2K10-HUB01.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id v6E6OpNP039672; Fri, 14 Jul 2017 02:24:51 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Message-ID: <C3DABCD0-D2D8-449D-A211-DDA526BA3F8F@ll.mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DFBDFE62-6BAC-4867-9154-3EDEE481B713"
MIME-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 14 Jul 2017 02:24:51 -0400
In-Reply-To: <CABkgnnU8ho7OZpeF=BfEZWYkt1=3ULjny8hcwvp3nnaCBtbbhQ@mail.gmail.com>
CC: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>
To: Martin Thomson <martin.thomson@gmail.com>
References: <CABkgnnU8ho7OZpeF=BfEZWYkt1=3ULjny8hcwvp3nnaCBtbbhQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-13_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707140104
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UnuVLhUA3VknFMJLEmf1TfRHfSQ>
Subject: Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jul 2017 06:24:56 -0000

TLS is a tool. Good guys want to use it to defend against the bad guys. Bad guys may want to use it against the good guys. (No surprise here, right?)

You cannot “sabotage” the second use case without sabotaging the first one at the same time. 

Two decades ago Jeff Schiller said something that remains perfectly valid today: (paraphrasing) “The price of having a secure infrastructure is our adversaries having a secure infrastructure”.

Understandably, you don’t want bad guys to use TLS “shield" against your “weapons”. Breaking this “shield” would accomplish this goal - but at a cost I (for one) don’t want to pay.
—
Regards,
Uri

> On Jul 14, 2017, at 02:02, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 14 July 2017 at 01:08, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>> It sounds like for malware, we could do something to better document
>> your security options as well as monitoring.  While the documentation
>> is there for key pinning and trust anchors, this might not be obvious
>> to network managers - what RFC to look at and how they fit together.
> 
> Just an aside, though I think Kathleen already made this point:  If I
> were writing malware, I would use TLS.  It's pretty good at what it
> does and it's hard to distinguish from legitimate uses (there are some
> trick's suggested by McGrew's research on this point).
> 
> At the point that I have sufficient control over a host that I can run
> my software, then I would pin certificates and the best you could do
> is block me.  None of the advice about configuration of trust anchors
> (pinning, overrides, etc...) helps at that point.
> 
> Most discussions regarding breaking TLS focus on the breaking of TLS
> to *prevent* malware from infesting machines.  There at least the
> defender has a reason to attack end-to-end security.  But then we're
> talking about a very different deployment model than the gazillion
> emails recently have contemplated.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email