Re: [TLS] chairs - please shutdown wiretapping discussion...

Ted Lemon <mellon@fugue.com> Tue, 11 July 2017 20:58 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B90127868 for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 13:58:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pN6jE19rfjtT for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 13:58:21 -0700 (PDT)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A313D126E3A for <tls@ietf.org>; Tue, 11 Jul 2017 13:58:21 -0700 (PDT)
Received: by mail-qt0-x232.google.com with SMTP id 32so3724509qtv.1 for <tls@ietf.org>; Tue, 11 Jul 2017 13:58:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Mvr9B0IiUDupmdkFiYxgw/OaTQjJKhZdo5kr789RSes=; b=bB6dbdACIMzGjNgPhQSXCfPo05vz5KvEFnq/zJBlHaypIUYdA1xtgypr81RM8bea6Z Dg+HNfrLwJH6yOAdHjPf86yJZRILEpUeTgu48l2gnrVFjV1i4+BLSOZ/kwQsdcFDjPxR H68YSUQXfp02vP5kAbR2lKcTjdmERKbY+Sh4DBXGkFdqt+xdp3YuFC5Z59AXdivnUUwP cV6VtJJeLB0WC9cqTx9Ge1eSUOXAhJ1Ph9/nJ0yobSqOVtDBhsZ71OOKo9zZdl7iJhoJ tsDjWbl0YBTPRw6/cEuaAErSvHmn7ht7W8n8tgJUVSGntWGESqgGwVkVUhbLRWsONGEE 9Mig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Mvr9B0IiUDupmdkFiYxgw/OaTQjJKhZdo5kr789RSes=; b=k+u9ruiAYi41TuwXFsMO1eD9BKXzUpRnWwf3oKBebHtjx8TB0PpVgNXDIPl5Vrp8bF UUJNEugrXc5qwfUFdKTRbYcI41MVo1oDP51GLw2Rg6c5zXeNXOhyVBoMbWvzVZ7WoriX gSfKVeIEowiKjT2jicj8KKIj9VI3SgavDtXWXaOAgoXGe+1WgbVi7lZi1LQDL0L5Pd3V m/iJCP6s/ooWTiWq7LWdpy9WPijmf4SCeWM6eW03PyRICSwG8+Qzp/EzbNOO0khvtRpo gg+YmTW9jewwnPqNazjBY70OuibRfMdPQZIzfFXD2OlDVJ8UiY6wDkC/Ae8VJAaqai2F 0B8A==
X-Gm-Message-State: AIVw1136MN+w/aq7etTME99o8oXKZv6bHCpHtLsRN6FxXocpY8G2eH1l nun/5RmJxQ/Grs2bIHVMyw==
X-Received: by 10.237.41.132 with SMTP id o4mr2417900qtd.242.1499806700641; Tue, 11 Jul 2017 13:58:20 -0700 (PDT)
Received: from macbook-pro-6.ether.lede.home (c-73-167-64-188.hsd1.ma.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id j65sm274936qkf.38.2017.07.11.13.58.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Jul 2017 13:58:19 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <74719010-DD1D-44F5-A65C-2FF5DD539066@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_07FEAB80-00CB-4097-B1BC-8BF2C68D1BF9"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 11 Jul 2017 16:58:18 -0400
In-Reply-To: <d9870cd0-476c-b255-16bd-594e24cd91f0@cs.tcd.ie>
Cc: Christian Huitema <huitema@huitema.net>, tls@ietf.org
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com> <fa6e64a2-b1c8-9c55-799b-b687b830a246@huitema.net> <26848de4-ce08-8ebd-bd67-ed3af3417166@cs.tcd.ie> <CD0E0745-EA72-41D9-87F6-B40369ED6A70@fugue.com> <bcda4dab-3590-9162-5f5c-c453f7a610ac@cs.tcd.ie> <2500C1F7-480E-44C9-BDB0-7307EB3AF6C2@fugue.com> <d9870cd0-476c-b255-16bd-594e24cd91f0@cs.tcd.ie>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZGi-B3vx0kwBAMBQR6Iy8UNxCks>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 20:58:23 -0000

On Jul 11, 2017, at 4:31 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>; wrote:
> I'd bet folks would invent proprietary
> ways of avoiding detection, that deviate from the "standard"
> and that perhaps make crypto worse all around. Say by deriving
> secrets from some function f(exfiltrated-secret, time, count)
> for a small counter or some such and having the decryptor of
> the wiretapped packets hunt a bit for the right key.

Hm, well, but that would be catnip for security researchers, particularly if it weakened the key.   But yeah, you're right, that does make detecting the attack possibly impractical aside from as a large research project.