Re: [TLS] TLS Proxy Server Extension

Yoav Nir <ynir@checkpoint.com> Tue, 26 July 2011 21:17 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48B3B21F86AE for <tls@ietfa.amsl.com>; Tue, 26 Jul 2011 14:17:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.487
X-Spam-Level:
X-Spam-Status: No, score=-10.487 tagged_above=-999 required=5 tests=[AWL=0.112, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9VbXZvWkggUS for <tls@ietfa.amsl.com>; Tue, 26 Jul 2011 14:17:18 -0700 (PDT)
Received: from michael.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 8C7AE21F86AD for <tls@ietf.org>; Tue, 26 Jul 2011 14:17:17 -0700 (PDT)
X-CheckPoint: {4E2F3C70-13-1B221DC2-FFFF}
Received: from il-ex01.ad.checkpoint.com (il-ex01.ad.checkpoint.com [194.29.34.26]) by michael.checkpoint.com (8.13.8/8.13.8) with ESMTP id p6QLHCqW000814; Wed, 27 Jul 2011 00:17:12 +0300
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 27 Jul 2011 00:17:12 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: David McGrew <mcgrew@cisco.com>
Date: Wed, 27 Jul 2011 00:17:09 +0300
Thread-Topic: [TLS] TLS Proxy Server Extension
Thread-Index: AcxL2WKNf4brhlL3QUOImYCn/izXYA==
Message-ID: <8FEC3C4B-32F9-46AF-A049-BE6FD3C2FE1A@checkpoint.com>
References: <E210EEE3-1855-4513-87E3-C315E611AB5E@cisco.com>
In-Reply-To: <E210EEE3-1855-4513-87E3-C315E611AB5E@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; boundary="Apple-Mail-1-547864708"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Cc: Philip Gladstone <pgladstone@cisco.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS Proxy Server Extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 21:17:19 -0000

On Jul 26, 2011, at 11:01 AM, David McGrew wrote:

> Hi,
> 
> I would like to request feedback on a new draft that Philip Gladstone  
> and I put together, which aims to solve some of the security problems  
> that happen when there is a (HTTP) proxy present and TLS is in use.    
> The approach is to require the proxy to provide the client with  
> additional information that the client can use to make a well-informed  
> decision about the security of the session.  This draft was put  
> together too late to request a slot at the WG meeting this week, but  
> if you have thoughts on either the goals or the mechanism, we can  
> discuss either in person or on the list.
> 
> David
> 
> http://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-00

Hi Dave.

I like this draft. TLS proxies are becoming a fact of life. They still have significant drawbacks in that the "fake" certificates that they generate are not identical to the original certificates. For example, the fake certificates cannot be EV certificates, and therefore the users lose the "green-bar" indication.

I don't know if you're following the LockFoo discussion on WebSec, but all of those locks would cause a hard-fail for clients connecting to sites that have specified them. As security people we might think "good!", but that would actually be a bar to implementations of LockFoo more than it would be a bar to deployment of TLS proxies. Giving the client access to the original certificates would allow the browser to overcome this limitation.

A similar argument also applies to DANE. If the DNS entry identifies the key, the certificate or the CA, then the "fake" certificate would cause an error. Access to the original certificate chain allows the client to eliminate the error message, although I am not sure how the browser UI would indicate an EV certificate proxied through a non-EV proxy.

I am wondering why you would need the ConnectionSecurityParameters structure. Wouldn't the 2-byte ciphersuite be a more compact way to represent this information?

Also I would add text about EV certificates (and maybe also the LockFoo cases of DANE and WebSec) to the motivation section.

Yoav