[TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks

Dennis Jackson <ietf@dennis-jackson.uk> Tue, 23 July 2024 15:01 UTC

Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDE6EC16943C for <tls@ietfa.amsl.com>; Tue, 23 Jul 2024 08:01:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HuiWh0RLx08F for <tls@ietfa.amsl.com>; Tue, 23 Jul 2024 08:01:32 -0700 (PDT)
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57B93C15793B for <tls@ietf.org>; Tue, 23 Jul 2024 08:01:29 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [10.196.197.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4WT0j10DHmz9snV for <tls@ietf.org>; Tue, 23 Jul 2024 17:01:25 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1721746885; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pucl3MvFaFC0/Xxv5A+/QlHZ2coj8FjgXHZso/i2a4s=; b=biBMQfmUFTNSWthr70OUbGvmFYPX0iHqDp46L2qOmsw1fApjbBV7X2eUGiMRZb9vBOo6lG 9NVVEE3ZCOI3CqtQ2wsJOziQuitPiYkLhJRo7m0nIEuvUJUaR2yh7GCWu4fjKDUEn5AfjW 4cH5wA/l+vt4g8JVAtgw9QzIc10snJed8OwTN12KFiBQcfiAygtgWUdjXr/7rEZOoYvGoA 2GSLQyUkrvD6EqT68+VxRUZgoJCHtcdeGAGxZm2avuR+7PdL0k6IIlSb0Z/Aahvfgr+LAY lxZ7t/qBkcWMiMoBj0aaVrqAc6SNINEWXpTms8XpF6PkPgTkjw4wUNn9QW7FQg==
Content-Type: multipart/alternative; boundary="------------07mtfoqjt2eNeVfylvE6E2Pk"
Message-ID: <d751b4c1-fef2-4bf8-a6a6-46d4801c8aef@dennis-jackson.uk>
Date: Tue, 23 Jul 2024 08:01:21 -0700
MIME-Version: 1.0
To: tls@ietf.org
References: <CACsn0cmhsh-zeJOaa7xy_2crxgvhAF=nK9FqWxxf1dB2SMhMyQ@mail.gmail.com> <Zpu0reBpH3dtFYdf@LK-Perkele-VII2.locald> <CADQzZqtsj272Gt771Ef=VhS2+WvWKkct0Jx1=wmyS7kTu0ds1w@mail.gmail.com> <CAF8qwaB3VuWSYTi-gH99+N_cgi1ZAdMpzhrSE4=KTD5xbQMwXA@mail.gmail.com> <CADQzZqtyCQwQR2WPrBdqGGUm_tvZ7Akra5z9vqJ30x9vWBtxew@mail.gmail.com> <CAF8qwaDt-vhUb-E48874QLKe-YOc3xzC4VsArzYf_BGREz0+QQ@mail.gmail.com> <CADQzZqvw0Phv1oa--C6HSZJpKkG899v36g-xXrwyiKpM8cyYJw@mail.gmail.com> <254e0d54-7438-4666-8a0b-1ddf431e65d4@dennis-jackson.uk> <CADQzZqupwoqLbJNEU4RgA+G983_a34g-MmHsJN=XZygjLtDUkw@mail.gmail.com> <5f23bc91-b0a4-4ba4-add8-e920ca9c7784@dennis-jackson.uk> <Zp6y2ImjHI1R0oy6@LK-Perkele-VII2.locald> <5a942952-09e1-4aab-b321-cb05ea9c9528@dennis-jackson.uk> <A4DA0C3B-5ED3-4A2B-8CAE-B0B1ED862F29@akamai.com>
Content-Language: en-US
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <A4DA0C3B-5ED3-4A2B-8CAE-B0B1ED862F29@akamai.com>
Message-ID-Hash: XCGUDR4YRVLSHKVBIR5ZHS6R2JROXTXG
X-Message-ID-Hash: XCGUDR4YRVLSHKVBIR5ZHS6R2JROXTXG
X-MailFrom: ietf@dennis-jackson.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oTS_5x0ZrSQPhLD0espK67HtBos>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On 22/07/2024 16:06, Salz, Rich wrote:

> I agree adding a new API for T.E. which applications could opt in to 
> would be fine. But could T.E. ever be enabled by default without 
> breaking the existing API and requiring application changes?
>
> Yes it could. For example, you’d have to add meta-data identifying the 
> ‘directory of certs’ that are typically used so that it could become a 
> named trust store. Assume that’s a fixed filename, like 
> “trust-store-id.txt” or something. Then when you specify that 
> directory (e.g., via [1]) it could look for the fixed filename and 
> send that identifying information.
>
I agree that having a library like OpenSSL auto-discover the necessary 
metadata in the system root store is definitely possible. My concern is 
about breakage with the other parts of the API exposed to applications 
which will prevent T.E. from being able to be offered by default - 
meaning applications will have to opt-in via a new API.

The Trust Expression's extension is trying to convey accurate 
information about which certificates are acceptable (which is controlled 
by the application) and may change the certificate which is received 
(which is visible to the application). So I don't see how Trust 
Expression's could be enabled by default without breaking applications 
or the semantics of the Trust Expression's extension. Some examples:

  * Some applications will set their own certificate verification
    callback (SSL_CTX_set_cert_verify_callback). A Trust Expression's
    label cannot be sent with these connections because OpenSSL doesn't
    know what the policy is going to be that the application applies.
    Sending the T.E. label is informing the serve 'I will accept any
    certificate suitable for this root store'.
  * Some applications will use the default certificate verifier in
    OpenSSL, but then access the certificate chain via
    SSL_get_peer_cert_chain or similar functions for getting specific
    metadata. The application might then do further checks which OpenSSL
    is unaware of. If so, the Trust Expression's label from the system
    store cannot be used without making the label inaccurate.
  * Some applications will do use the default checks on the certificate,
    but access the certificate chain to consume / log / display the
    information elsewhere. It's likely these functions are going to
    expect a 'normal' X.509 cert chain but one of the use cases of Trust
    Expressions is to enable non-X509 certificate payloads or shorter
    chains.

I think the second and third cases are particularly critical. OpenSSL 
cannot know during the handshake whether the application is going to 
later call SSL_get_peer_cert_chain / SSL_get_peer_certificate and then 
make a decision about whether to tear down the connection. For example, 
the application may do its own pinning and check whether the issuer is 
acceptable.

In this case, if OpenSSL sent the Trust Expression extension with the 
label by default, it would be actively harmful, since the Trust 
Expression extension is telling the server "I will accept any cert valid 
in this root store" but in actuality the application is performing 
pinning. This would make the extension useless for the proposed use 
cases around handling pinning gracefully and giving server's confidence 
to migrate CAs.

So my conclusion is that TLS libraries are never going to be able to 
offer T.E. by default. Instead applications would have to opt in, which 
seems like a major barrier to adoption outside of browsers.

Happy to be corrected if there are some wrinkles here, but Hyrum's law 
seems pretty harsh for the existing TLS library APIs.

Best,
Dennis