IETF Logo Mail Archive

Re: [TLS] TLS and middleboxes again

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 26 August 2011 20:44 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A79321F8C9F for <tls@ietfa.amsl.com>; Fri, 26 Aug 2011 13:44:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id scvPY866g7IZ for <tls@ietfa.amsl.com>; Fri, 26 Aug 2011 13:44:21 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 7B62121F8C93 for <tls@ietf.org>; Fri, 26 Aug 2011 13:44:21 -0700 (PDT)
Received: from [192.168.23.207] (dsl254-070-154.nyc1.dsl.speakeasy.net [216.254.70.154]) by che.mayfirst.org (Postfix) with ESMTPSA id 4F90CF970 for <tls@ietf.org>; Fri, 26 Aug 2011 16:45:35 -0400 (EDT)
Message-ID: <4E5805EC.6000904@fifthhorseman.net>
Date: Fri, 26 Aug 2011 16:45:32 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20110807 Icedove/5.0
MIME-Version: 1.0
To: tls@ietf.org
References: <mailman.69.1314385218.21832.tls@ietf.org> <4E57FC4B.3080809@gmail.com>
In-Reply-To: <4E57FC4B.3080809@gmail.com>
X-Enigmail-Version: 1.2.1
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig6A08B68326482A42F451AF92"
Subject: Re: [TLS] TLS and middleboxes again
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Aug 2011 20:44:22 -0000

On 08/26/2011 04:04 PM, Yaron Sheffer wrote:
> two reasons for the middlebox to use the MAC (which may or may not be
> "justifiable" to you) are:
> 
> - Many security applications add a textual signature similar to "This
> mail was scanned by The Best Antivirus".

Just to be clear, this approach has no security value unless they also
actively filter *out* any and all content which might be rendered as
"This mail was scanned by The Best Antivirus".  Otherwise, it's trivial
for an attacker to include the string in their initial mail.

And frankly, with HTML e-mail these days, i suspect it would be rather
difficult to match all strings that might render to something visually
indistinguishable from this.  and difficult to excise them cleanly
without damaging other content.  Once an antivirus starts actively
tampering with content, i think it's beyond its useful scope, regardless
of the TLS implementations.  Keep the communication channels separate,
thanks.

> - If something bad is detected in the traffic, the middlebox might want 
> to issue an HTTP redirect, e.g. to display a copy of the company's 
> security policy.

Since HTTP redirects can only be done in an HTTP header, the middlebox
would need to buffer all HTTP content before relaying it to the User
Agent, in case "bad" material was found at the end.

I don't think either of these use cases are valuable, certainly not
valuable enough to warrant allowing middleboxes to violate the integrity
guarantees of TLS.

	--dkg

v2.23.0 | Report a Bug | By Email