Re: [TLS] datacenter TLS decryption as a three-party protocol
Kyle Rose <krose@krose.org> Wed, 19 July 2017 13:51 UTC
In-Reply-To: <CAPt1N1mwYyTJVP1AyW0Zu3WBS6SCePAuR97-NQByTQh5Sg6eTA@mail.gmail.com>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <CAPt1N1mwYyTJVP1AyW0Zu3WBS6SCePAuR97-NQByTQh5Sg6eTA@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 19 Jul 2017 15:51:08 +0200
Message-ID: <CAJU8_nVfKi7iAFxTvVgYVd8G3V-mqMxMXE-03QoXxLSzMcmoHg@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Benjamin Kaduk <bkaduk@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lq6qxc1FDsQ_CX-u1CEROC7HIYc>
On Wed, Jul 19, 2017 at 3:43 PM, Ted Lemon <mellon@fugue.com> wrote:
> This is exactly right. We have a *real* problem here. We should
> *really* solve it. We should do the math. :)
> Is there appetite to do this work?

If we restrict this to two paths, one of which is spending years designing and implementing a new multi-party security protocol, the other of which is silently and undetectably (at least on private networks) modifying the standardized protocol for which lots of well-tested code already exists... my money is on the latter happening.

In every decision we make with respect to the static DH approach, we have to keep in mind that this change can be implemented unilaterally, i.e., without any modifications for interop. Consequently, I think the work we really need to do is to design and implement a FS-breakage detector so we can at least tell when this is happening on the public internet.

Beyond that, the best we can really do is ask implementors to be polite and intentionally make their implementations not interoperate silently with TLS 1.3.

Kyle
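One concrete shape the "FS-breakage detector" mentioned above could take, as an added example that is not code from the thread or from any IETF project: the observable signature of the static DH deployment is a server (EC)DH key_share that reappears across independent TLS 1.3 handshakes, whereas a forward-secret server sends a fresh share every time. The ServerHello is sent in the clear in TLS 1.3, so a passive observer on the path can collect the shares. The script parses ServerHello messages, tracks key_share values per server, and reports a share seen in more than a threshold of distinct handshakes (distinct ServerHello.random values, so a retransmitted ServerHello does not count twice). The server labels `fs.example` and `static.example`, the sample ServerHello bytes and the threshold are constructed for the example; the threshold and the idea that a short burst of reuse may be benign key-share caching are design assumptions, not claims from the thread.

```python
"""Passive key_share reuse detector for TLS 1.3 ServerHello messages.

Added example (not from the thread). Assumes an observation point where the
cleartext ServerHello is visible. Sample messages are constructed below.
"""
import os
import struct
from collections import defaultdict

HANDSHAKE_SERVER_HELLO = 2
EXT_SUPPORTED_VERSIONS = 43
EXT_KEY_SHARE = 51
GROUP_X25519 = 0x001D
TLS13 = 0x0304


def parse_server_hello(msg: bytes) -> dict:
    """Parse a TLS 1.3 ServerHello (RFC 8446 s4.1.3): random, suite, key_share."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_HELLO:
        raise ValueError("not a ServerHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerHello")
    pos = 2                                   # skip legacy_version (0x0303)
    random = body[pos:pos + 32]; pos += 32
    pos += 1 + body[pos]                      # legacy_session_id_echo
    cipher_suite = struct.unpack_from("!H", body, pos)[0]; pos += 3  # suite + compression
    ext_len = struct.unpack_from("!H", body, pos)[0]; pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("extensions length mismatch")
    out = {"random": random, "cipher_suite": cipher_suite, "group": None,
           "key_exchange": None, "selected_version": None}
    while pos < end:
        ext_type, ext_data_len = struct.unpack_from("!HH", body, pos); pos += 4
        data = body[pos:pos + ext_data_len]; pos += ext_data_len
        if ext_type == EXT_KEY_SHARE:         # single KeyShareEntry in ServerHello
            group, ke_len = struct.unpack_from("!HH", data, 0)
            out["group"], out["key_exchange"] = group, data[4:4 + ke_len]
        elif ext_type == EXT_SUPPORTED_VERSIONS:
            out["selected_version"] = struct.unpack_from("!H", data, 0)[0]
    return out


class KeyShareReuseDetector:
    """Flag a server key_share seen in >= reuse_threshold distinct handshakes.

    reuse_threshold=2 reports the first repeat. A real deployment would raise
    it to tolerate stacks that briefly cache ephemeral keys (assumption).
    """
    def __init__(self, reuse_threshold: int = 2):
        self.reuse_threshold = reuse_threshold
        self._seen = defaultdict(lambda: defaultdict(set))  # server -> share -> randoms

    def observe(self, server: str, server_hello: bytes):
        """Feed one observed ServerHello; return an alert dict or None."""
        sh = parse_server_hello(server_hello)
        if sh["selected_version"] != TLS13 or sh["key_exchange"] is None:
            return None                        # not a TLS 1.3 (EC)DHE handshake
        randoms = self._seen[server][sh["key_exchange"]]
        randoms.add(sh["random"])              # same random = same handshake
        if len(randoms) >= self.reuse_threshold:
            return {"server": server, "group": sh["group"], "handshakes": len(randoms),
                    "key_share_prefix": sh["key_exchange"][:8].hex()}
        return None


def build_server_hello(random: bytes, key_exchange: bytes,
                       group: int = GROUP_X25519, cipher_suite: int = 0x1301) -> bytes:
    """Construct a minimal TLS 1.3 ServerHello; used only to make sample input."""
    key_share = struct.pack("!HHHH", EXT_KEY_SHARE, 4 + len(key_exchange),
                            group, len(key_exchange)) + key_exchange
    exts = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13) + key_share
    body = (struct.pack("!H", 0x0303) + random + b"\x00"
            + struct.pack("!HB", cipher_suite, 0) + struct.pack("!H", len(exts)) + exts)
    return bytes([HANDSHAKE_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body


def demo():
    """Three handshakes each from a rotating server and a static-share server."""
    det = KeyShareReuseDetector(reuse_threshold=2)
    alerts = []
    for _ in range(3):   # forward-secret server: fresh share every time
        alerts.append(det.observe("fs.example",
                                  build_server_hello(os.urandom(32), os.urandom(32))))
    static_share = bytes(range(32))            # constructed fixed share
    for _ in range(3):   # static DH server: same share every handshake
        alerts.append(det.observe("static.example",
                                  build_server_hello(os.urandom(32), static_share)))
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Running it reports `static.example` on its second and third handshake and never reports `fs.example`. A server that rotates a static key on a schedule (say daily) only shows up once enough handshakes are observed inside one rotation period, so a detector run on the public internet needs to keep per-server state across a long window rather than a single capture.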