Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

"Roland Dobbins" <rdobbins@arbor.net> Mon, 17 July 2017 15:11 UTC

From: Roland Dobbins <rdobbins@arbor.net>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: IETF TLS <tls@ietf.org>
Date: Mon, 17 Jul 2017 17:11:41 +0200
Message-ID: <69018030-3157-42D4-A573-0E39E46EFAA9@arbor.net>
In-Reply-To: <66C1C32C-53C2-43A4-BCB0-96DDC26A1F58@ll.mit.edu>
References: <CABkgnnU8ho7OZpeF=BfEZWYkt1=3ULjny8hcwvp3nnaCBtbbhQ@mail.gmail.com> <2A9492F7-B5C5-49E5-A663-8255C968978D@arbor.net> <CABkgnnX7w0+iH=uV7LRKnsVokVWpCrF1ZpTNhSXsnZaStJw2cQ@mail.gmail.com> <FDDB46BC-876C-49FC-9DAE-05C61BB5EFC9@vigilsec.com> <9C81BE7B-7C21-4504-B60D-96BA95C3D2FD@arbor.net> <CAEa9xj55jzch-v0mysbRSryNM0Y7Bdtevmrc3+FVxMO8EP5zWA@mail.gmail.com> <CC3CE5F8-C8C2-4A70-829D-483E26D20733@arbor.net> <CAEa9xj5eR6b_+CsSDArMWWr-u8hx5B81kDVEMEX8sgfUeMUS8g@mail.gmail.com> <C3B01C35-E3A2-4A8B-9DD7-D6E4153ED39F@arbor.net> <CAEa9xj6p0y9ZzxLJvtv9GDzzfs5s13nnLqm=4_fNDPGV+=Od8Q@mail.gmail.com> <BE4E8E4A-51FC-4211-A16F-EBA8B3F01757@arbor.net> <66C1C32C-53C2-43A4-BCB0-96DDC26A1F58@ll.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2017 15:11:49.9872 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0101MB1039
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hjagz8AJJI-2-rvXGH5mWKUnwUs>
Subject: Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 15:11:59 -0000

On 17 Jul 2017, at 16:23, Blumenthal, Uri - 0553 - MITLL wrote:

> It may, or it may not – depending on the sophistication of your 
> adversary. It is not given that you’d be able to “simply detect 
> the presence of an additional crypto layer”, particularly if 
> measures are taken to hide it.

Sure.  I'm familiar with those counter-detection techniques, as I'm sure 
many (most?) of those involved in this discussion are.  And of course 
there are counters to those counters . . . it's counters all the way 
down!

;>

> The standard definition of “traffic analysis” is deducing 
> information from the metadata and the patterns of communications. It 
> explicitly does NOT rely on knowing the content of the traffic (which 
> is assumed to be opaque).

That's what I was trying to get across - that uncovering an unexpected 
layer of encryption, even without the ability to decrypt it, is very 
useful in a security context.

Sorry for being unclear!

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>

[TLS] Malware (was Re: draft-green-tls-static-dh-… Martin Thomson
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Kathleen Moriarty
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Martin Thomson
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Russ Housley
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Jeffrey Walton
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Carl Mehner
Re: [TLS] Malware (was Re: draft-green-tls-static… Simon Friedberger
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Watson Ladd
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Dobbins, Roland
Re: [TLS] Malware (was Re: draft-green-tls-static… Blumenthal, Uri - 0553 - MITLL
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins
Re: [TLS] Malware (was Re: draft-green-tls-static… Roland Dobbins