IETF Logo Mail Archive

Re: [TLS] security considerations for draft-rescorla-tls-subcerts

Watson Ladd <watsonbladd@gmail.com> Thu, 06 April 2017 16:33 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7B18129568 for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 09:33:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zh0UXVOZrihn for <tls@ietfa.amsl.com>; Thu, 6 Apr 2017 09:33:46 -0700 (PDT)
Received: from mail-pg0-x231.google.com (mail-pg0-x231.google.com [IPv6:2607:f8b0:400e:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2D01128854 for <tls@ietf.org>; Thu, 6 Apr 2017 09:33:44 -0700 (PDT)
Received: by mail-pg0-x231.google.com with SMTP id 81so41237570pgh.2 for <tls@ietf.org>; Thu, 06 Apr 2017 09:33:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=L7T52+YXrfHwsExhy4eweAvYD1kqnK5Zk1MPs6ApZlU=; b=hxHVyrFREGuuZVj2hhyqEVkzHWwxe6LNmOlluir7lO81Dtl3J/6d/pYzu4rujq5oeM +ZFEBDvmoiJtyojii+RFHlndrWoCIMM57MXSfluKb1Sr6zBedve2/Co9S0CyFnZceCH/ U+aCzQMfWC+PC6fL4x4/MkTInNtPTCIfkhs5DtVH2aBfvBSh1MCbI2881NXBl10kkMmT WWjeJdiljhn6A5F5oHIcPwf9wiYiAxHCwIwq2wPWd2Xw61aQ2DFWiBnf8sm08frXI7w+ R3u3MRoZQF4FfgDnQIizwibdYxV+bwtbda4jxaMLsp+xrCTA2ZC1TzyXsdIe7Bsj+IGv w5GA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=L7T52+YXrfHwsExhy4eweAvYD1kqnK5Zk1MPs6ApZlU=; b=I+CbBhsgshqvgg7YkXfiyv/mLEs6PujLagxDUmOEYp6O3NwPtucfS8uDd1xyur5ecw nQ2mnXvNzjex1VSvvzs01tS/DnvpMUSBjJA38j9ClQwqFxmLvkf0Y0cL39AF+f+ptS04 1T2lhlKqOTo9gVng49EX0AHkUPIvX/5Xke2pNikhBzNzmYC1olfVaAGMy/sYYahilL9x wphB7QnHlx4WYohtXqfc7muot0s1qR3ImYFTCK0VNAleg93TUvDXmQRGie50UcvZ64Or kf+/YuL1NbtkjpgVC5OxSnJbvku1MwUMNWFViIdMLGlJENpGHR30fuEwYW7touDcARFK 2YWg==
X-Gm-Message-State: AFeK/H1cGJr3yrsXbOU8Sh4iNg/8mjaa3Q0KrY11NTRyB1qWPpMMH/C8MGxW3ex7XKB6LfMieJM7tKWVRYCQow==
X-Received: by 10.99.232.21 with SMTP id s21mr37788853pgh.67.1491496424179; Thu, 06 Apr 2017 09:33:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.160.194 with HTTP; Thu, 6 Apr 2017 09:33:43 -0700 (PDT)
In-Reply-To: <0393df43-918c-934d-92f5-9bc06a708217@cs.tcd.ie>
References: <m27f362zxm.fsf@dhcp-89ad.meeting.ietf.org> <MWHPR15MB1455F0758BE196CAB4BDF8BDB6360@MWHPR15MB1455.namprd15.prod.outlook.com> <c5799647-4568-4cbf-1708-52934a961f67@akamai.com> <d93fe5c1-5236-f86c-34d0-2606204d672d@a-oben.org> <f4aeff835aa4437f8d2996cba926bc11@usma1ex-dag1mb1.msg.corp.akamai.com> <df23dab4-d8cd-7d7e-3372-1dfed4457d45@a-oben.org> <MWHPR15MB145571244E36DA811C5F6CDCB60A0@MWHPR15MB1455.namprd15.prod.outlook.com> <b5f89159-57da-a443-e675-5e2ccf5ecae5@cs.tcd.ie> <MWHPR15MB1455C7BE1C32A3FADD8759FAB60A0@MWHPR15MB1455.namprd15.prod.outlook.com> <0393df43-918c-934d-92f5-9bc06a708217@cs.tcd.ie>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 06 Apr 2017 09:33:43 -0700
Message-ID: <CACsn0cnS7_+AO3QWn4f7XjYU1RAez2RxJD3z76iWysDBbkiWyg@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Subodh Iyengar <subodh@fb.com>, Simon Friedberger <simon.tls@a-oben.org>, "tls@ietf.org" <tls@ietf.org>, Richard Salz <rich.salz@gmail.com>, "Kaduk, Ben" <bkaduk@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fVqiIVg5_ruCY8IxHQ0fRaimzwE>
Subject: Re: [TLS] security considerations for draft-rescorla-tls-subcerts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 16:33:49 -0000

On Thu, Apr 6, 2017 at 1:34 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 05/04/17 21:20, Subodh Iyengar wrote:
>>> With that goal in mind, wouldn't it help mitigate the threat if
>> the holder of the longer term credential (the cert subject) were to
>> include within the signature e.g. an IP address range within which
>> the delegated credential is allowed to be used?
>>
>> We thought about this originally, but we discounted this because it
>> breaks when http and socks proxies are used. Looking at some data I
>> had a non trivial number of requests access our site using proxies.
>> I'm not sure whether there's a good method for a client to enforce ip
>> address ranges when a proxy does the dns resolution.
>
> So if you spec'd this so clients using proxies didn't attempt
> to enforce IP checks, but those going direct did, then you'd I
> guess better mitigate the stated threat, so long as the set of
> clients not using a proxy is non-negligible, which I assume is
> the case. Was that considered?

Too much room for error. Consider all the varieties of network devices
that could cause an IP-address mismatch, many of which the client
wouldn't see.

>
> Cheers,
> S.
>
>
>>
>>
>> Subodh
>>
>> ________________________________ From: Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> Sent: Wednesday, April 5, 2017 12:30:31
>> PM To: Subodh Iyengar; Simon Friedberger; tls@ietf.org; Richard Salz;
>> Kaduk, Ben Subject: Re: [TLS] security considerations for
>> draft-rescorla-tls-subcerts
>>
>>
>> I've no strong opinion for or against this. One question below
>> though.
>>
>> On 05/04/17 17:07, Subodh Iyengar wrote:
>>> The threat model here is that since if a less-trusted host having
>>> a key is compromised for a certain period of time without
>>> detection, and an attacker can steal private keys during that
>>> period. In many situations we are fine with giving the TLS
>>> terminator a certificate / key, i.e. they actually have a trust
>>> relationship, however we want a compromise to only give the
>>> attacker a limited power to use the credential. Revocation is
>>> arguably effective, so we would not be okay with giving a less
>>> trusted host a long term private key. However we'd be okay with
>>> giving a less-trusted host a short term key.
>>
>> With that goal in mind, wouldn't it help mitigate the threat if the
>> holder of the longer term credential (the cert subject) were to
>> include within the signature e.g. an IP address range within which
>> the delegated credential is allowed to be used?
>>
>> Cheers, S.
>>
>>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.23.0 | Report a Bug | By Email