IETF Logo Mail Archive

Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

Hubert Kario <hkario@redhat.com> Wed, 02 December 2015 13:33 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87A281A8AE3 for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 05:33:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_yHqsE7kMae for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 05:33:32 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3DAF1A8ADC for <tls@ietf.org>; Wed, 2 Dec 2015 05:33:21 -0800 (PST)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (Postfix) with ESMTPS id 89A0AC0CC63A; Wed, 2 Dec 2015 13:33:21 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-114.brq.redhat.com [10.34.0.114]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id tB2DXJaK012884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 2 Dec 2015 08:33:20 -0500
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Wed, 02 Dec 2015 14:33:13 +0100
Message-ID: <2651779.FONMJx2ulk@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.10 (Linux/4.2.6-201.fc22.x86_64; KDE/4.14.14; x86_64; ; )
In-Reply-To: <CAFggDF2Mvmqc7RifSYf7Q=tJdK7oWipUQjwK=GmhgB-rvZCqdA@mail.gmail.com>
References: <56586A2F.1070703@gmail.com> <A4341585-0020-4F8B-84CC-BBC0EE7F57CB@gmail.com> <CAFggDF2Mvmqc7RifSYf7Q=tJdK7oWipUQjwK=GmhgB-rvZCqdA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart6344905.mW9gWTePsI"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/c3AJyFsGzKGaxK6cyz3r53j4WiQ>
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 13:33:34 -0000

On Wednesday 02 December 2015 12:59:12 Jacob Appelbaum wrote:
> On 12/2/15, Yoav Nir <ynir.ietf@gmail.com> wrote:
> >> On 2 Dec 2015, at 1:38 PM, Jacob Appelbaum <jacob@appelbaum.net>
> >> wrote:>> 
> >> On 12/1/15, Yoav Nir <ynir.ietf@gmail.com> wrote:
> >>>> Which would those be? And what is the definition of
> >>>> capital-intensive
> >>>> for those watching on the sidelines?
> >>> 
> >>> Firewall, IPS/IDS devices. Boxes that attempt to perform
> >>> sanity-check on protocols to make sure that the stuff going over
> >>> TCP port 443 is really HTTPS rather than an attempt at tunneling.
> >>>  There are some attacks such the
> >>> the code that protects against them needs to follow TLS record
> >>> sizes.
> >>> For
> >>> the most part these are not-so-interesting attacks, causing
> >>> certain
> >>> versions
> >>> of certain browsers to hang, and they are expensive for the
> >>> firewall to protect against, so for the most part these
> >>> protections are turned off. But
> >>> it’s not everywhere.
> >> 
> >> Could you be more specific? Which devices are we saying will break?
> >> Do you have model numbers? Are those vendors on this list? Do they
> >> agree that this will break and do we agree that they are a
> >> relevant stakeholder who has a user's security in mind?
> > 
> > I am no expert on middleboxes. I know a little about those that my
> > employer (Check Point) makes. I only know a little, because I’m on
> > the VPN side of things, not the IDS/IPS/next generation firewall
> > side.
> 
> I don't think we should worry about breaking poor little Check Point's
> traffic analysis devices. Allow me to shift the overton window: their
> device is a problem and we should treat it as a problem on the
> network. TLS should mitigate as many of the advantages that they use
> to harm end users. We should make those devices use as much RAM and
> as much disk space and as much CPU time as possible. In the words of
> a Google engineer who discovered the NSA had been doing traffic
> analysis on his backbone...

Problem is that users care for the cat macros and wedding pictures on 
their social network of choice. If the old version of browser works or 
an other browser works then it /obviously/ is the new browsers fault 
that the connection fails so it's the /new/ browser that is broken.

So the browser vendor implements out-of-protocol fallback to old 
protocol version so that it continues to work. That's a Bad Thing.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

v2.23.0 | Report a Bug | By Email