Re: [TLS] chairs - please shutdown wiretapping discussion...
Kyle Rose <krose@krose.org> Wed, 12 July 2017 12:24 UTC
Return-Path: <krose@krose.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82A4131690 for <tls@ietfa.amsl.com>; Wed, 12 Jul 2017 05:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mBn7JlaHWceB for <tls@ietfa.amsl.com>; Wed, 12 Jul 2017 05:24:26 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27DFA12EC30 for <tls@ietf.org>; Wed, 12 Jul 2017 05:24:26 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id 16so20218095qkg.2 for <tls@ietf.org>; Wed, 12 Jul 2017 05:24:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pg6Puo3fjGe/fYzESalEACdZ0KaVRNYLVb1+sUaueXQ=; b=oIWBzzywum0NiSjdLAl07hwZuvjr+GtZ9aAKNIvqjZamcxr7t3TtV0TQTN1Kxf2hty ZPmiq8qCFz9Xw8AlKTHDIrWyRWyRxla5Fowt6SXu8wxVOilLjqmqkIYbeyvkm9z4e1Lf ve409bpdArM/cYF9eA0Jvf8xmfPBjt2tctM2I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pg6Puo3fjGe/fYzESalEACdZ0KaVRNYLVb1+sUaueXQ=; b=o+OAEXIbb6tLfa9hAV0j/nLE6AH/vZB6cEu959D6CNlmxDy2z6QpQNAspfl8brMqal x6RzO61id233iNuFtVAxcYO1HmzDGHmbD/aqy/QkJHgCkzazRz8ebFacvK393+aa9Ykj OEJiduz9W3PbXqANN6spGf6v1yQPs15izwYopo7XnXeE8E89hfOnRWHU1NAC+uiHTkKw cWm26gkb4msVAN9nqsJ1yIcF6L6/XLsSzTms5S9qtxsGn4Hk17jIZJd+g/gdFUmzmk1R pVnTEVWe9N19CFcCc9g6z4HVU47wAA9tXVIxTqcy0DelCvfk+AmKdYBHo3WA+2H9Ksua jHsg==
X-Gm-Message-State: AIVw112UM4APHJrOEUj2iWdCa0YGMq4XadWajJ2d9GSEg6ln5r9tDMr5 AaK2UiULBtcjwiSARUUYgzwp7qB5NWtf
X-Received: by 10.55.97.13 with SMTP id v13mr5464104qkb.107.1499862265143; Wed, 12 Jul 2017 05:24:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.128.194 with HTTP; Wed, 12 Jul 2017 05:24:24 -0700 (PDT)
X-Originating-IP: [2001:470:1f07:121:5cb5:ecff:fe89:28ca]
In-Reply-To: <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 12 Jul 2017 08:24:24 -0400
Message-ID: <CAJU8_nWpzZY5-0B1d8D6ced1Us3N63DC92FMLbn+t4RyE=fLcw@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Polk, Tim (Fed)" <william.polk@nist.gov>, IETF TLS <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05760686b79905541de5e5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eEdaaeHT6H-ntUsY8ThKaciSz78>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2017 12:24:29 -0000
On Tue, Jul 11, 2017 at 9:11 AM, Ted Lemon <mellon@fugue.com> wrote: > It’s also true that you can just exfiltrate every key as it’s generated, > but that’s not what’s being proposed and would not, I think, suit the needs > of the operators who are making this proposal. > > I don’t see how you could mitigate against deliberate key exfiltration. > At some point you really are relying on the security of the endpoint. > But being able to detect repeated keys is useful for preventing pervasive > monitoring: it requires the monitored either to have access to the key > generation stream in realtime, or to request the key for a particular > conversation. > Much of this conversation seems to conflate wiretapping with collaboration. 2804 has a clear definition of wiretapping: q( Wiretapping is what occurs when information passed across the Internet from one party to one or more other parties is delivered to a third party: 1. Without the sending party knowing about the third party 2. Without any of the recipient parties knowing about the delivery to the third party 3. When the normal expectation of the sender is that the transmitted information will only be seen by the recipient parties or parties obliged to keep the information in confidence 4. When the third party acts deliberately to target the transmission of the first party, either because he is of interest, or because the second party's reception is of interest. ) This proposal (and related proposals involving encrypting session keys to inspection boxes, either in-band or OOB) violates condition 2 because one endpoint would have to intentionally take action to deliver the session key or private DH share to the third party. If one endpoint is feeding cryptographic material to a third party (the only way that information gets out to the third party, vulnerabilities notwithstanding), they are collaborating, not enabling wiretapping. (I'd argue the inspection box also fails to be a third party, as it is part of the infrastructure of one endpoint, but that's largely irrelevant to the question of whether this is wiretapping once we've determined the delivery of keys is not a secret.) I think this issue of static DH being an attack (maybe; not taking a position) is something of a red herring, because shipping individual session keys to a third party like a government doesn't add any substantive hurdle beyond shipping them a single static DH share. That said, I agree that an infrastructure for detecting the loss of forward secrecy, perhaps in a CT-like manner, may make sense to protect against unintentional key compromise or compromise of one endpoint: the problems that forward secrecy is intended to address, which specifically do *not* include collaboration. Kyle
- [TLS] chairs - please shutdown wiretapping discus… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yaron Sheffer
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Paul Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Dan Brown
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Polk, Tim (Fed)
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nikos Mavrogiannopoulos
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Jeffrey Walton
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Michael StJohns
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Bill Frantz
- Re: [TLS] chairs - please shutdown wiretapping di… Timothy Jackson
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Richard Barnes
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ilari Liusvaara
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kathleen Moriarty
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell