Re: [TLS] ETSI releases standards for enterprise security and data centre management

Bret Jordan <jordan.ietf@gmail.com> Wed, 05 December 2018 08:09 UTC

Cc: Nico Williams <nico@cryptonector.com>, Crypto <cryptography@metzdowd.com>, "<tls@ietf.org>" <tls@ietf.org>
To: Tony Arcieri <bascule@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bEdNbhqjIhmmN4-1Z80o5kGdyec>

Now this WG is finally starting to talk about a solution to a real problem and need. We can either address the use case and need here in the IETF, or we can let the solutions be done elsewhere. I would personally prefer we take this work item back and solve it here in the IETF.

Finally, remember, you may not like the use case or need, but that does not mean the use case is not valid and needed. 

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Dec 5, 2018, at 1:18 AM, Tony Arcieri <bascule@gmail.com> wrote:
> 
> On Sun, Dec 2, 2018 at 3:36 PM Nico Williams <nico@cryptonector.com> wrote:
> > I'm not a fan of systems like this, but I believe for security reasons they
> > should be designed in such a way that only the confidentiality of traffic
> > is impacted, and a "visibility" system isn't able to leverage the decrypted
> > traffic to resume decrypted sessions and thereby impersonate clients.
> 
> Any key escrow system will have this property.  Given the session keys
> (or a way to recover them) you can resume decrypted sessions.
> 
> Wouldn't escrowing only the client/server application traffic secrets (instead of keys higher in the schedule) avoid this problem? These keys would permit the one capability "visibility" appliance vendors allege to care about: traffic decryption, without permitting others like session resumption.
> 
> The most obvious escrow design requiring no changes to the clients is to
> use a static eDH key on the server-side.  The next most obvious such
> design is to have the server talk to the escrow agent.
> 
> It seems like with an out-of-band escrow agent, the traffic secrets could be escrowed with no changes to TLS.
> 
> --
> Tony Arcieri
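
The key-schedule separation that the quoted question about escrowing only the application traffic secrets relies on, as an added example that is not part of the original thread: a minimal RFC 8446 Derive-Secret for the SHA-256 cipher suites, showing that an escrow record holding only those secrets yields the record keys, while the resumption PSK is computed from the sibling resumption_master_secret. The master secret, transcript hashes and function names are constructed for illustration.

```python
import hashlib
import hmac

HLEN = hashlib.sha256().digest_size

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk, info, length):
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def expand_label(secret, label, context, length):
    # HKDF-Expand-Label from RFC 8446 section 7.1 (HkdfLabel encoding).
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret, label, transcript_hash):
    # Takes the transcript hash directly instead of the handshake messages.
    return expand_label(secret, label, transcript_hash, HLEN)

def master_branch(master_secret, th_server_fin, th_client_fin):
    # Three siblings of the master secret; none can be computed from another.
    return {
        "c_ap": derive_secret(master_secret, b"c ap traffic", th_server_fin),
        "s_ap": derive_secret(master_secret, b"s ap traffic", th_server_fin),
        "res": derive_secret(master_secret, b"res master", th_client_fin),
    }

def escrow_record(secrets):
    # Hypothetical escrow payload: application traffic secrets only.
    return {k: secrets[k] for k in ("c_ap", "s_ap")}

def record_keys(traffic_secret):
    # AES-128-GCM sizes: 16-byte key, 12-byte IV.
    return (expand_label(traffic_secret, b"key", b"", 16),
            expand_label(traffic_secret, b"iv", b"", 12))

def resumption_psk(res_master, ticket_nonce):
    return expand_label(res_master, b"resumption", ticket_nonce, HLEN)

# Constructed inputs, not taken from any real handshake.
MASTER = hashlib.sha256(b"constructed master secret").digest()
TH_SF = hashlib.sha256(b"constructed transcript to server Finished").digest()
TH_CF = hashlib.sha256(b"constructed transcript to client Finished").digest()
SECRETS = master_branch(MASTER, TH_SF, TH_CF)
ESCROWED = escrow_record(SECRETS)
```

Later traffic secrets produced by KeyUpdate are derived from the current one, so the escrowed pair also covers the rest of the connection.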