Re: [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp

Eric Rescorla <ekr@rtfm.com> Tue, 28 July 2020 11:13 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 818B03A0AFA for <tls@ietfa.amsl.com>; Tue, 28 Jul 2020 04:13:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Att6cwNDqza for <tls@ietfa.amsl.com>; Tue, 28 Jul 2020 04:13:34 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9440B3A0AF5 for <tls@ietf.org>; Tue, 28 Jul 2020 04:13:34 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id j22so4883486lfm.2 for <tls@ietf.org>; Tue, 28 Jul 2020 04:13:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=t1fw6wTCMCPAeSyhrR2B8tXbk//XHBh3pEDCAjKqso8=; b=rYptd69LRvo7bpPWpGNeNNl9edzmOoonxC5drZPRQh+EO1c2uQKHghx5SbKqRwXZ5t yI0a5JPZpfEjYuTPL+28ut8VN9FDcjaUEKJbhFcPDwSa2mY8QMfNmdylIX8k7NMcixZ2 9bJHigP4CC9q7k+9sYlDlLqBR0/0gCp8n3Q7tEDOMBT2H8JoCcxStLL6g9RNYII3DR4g wvRZkzFRHmTmnUIZbc0/lNUobI/XJX/E9nVHr39EFn2+EtPNSev25JbHuneNk0BMifZM /OCZbiCx7oH2je4u2g2VXThN5fKUk4eezE4qsui+tDl0UEy9nguxmkPC1gZNMTqF8FZr BLcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=t1fw6wTCMCPAeSyhrR2B8tXbk//XHBh3pEDCAjKqso8=; b=mWW7K6JwCN2BfKJ3axq/9aPsYu1fXdswZGdRqp35gGzxWshwprgXf6ZDcNoDgJ1HYt Sc9rU1gpEjV3mdF+T0aArUoyyQqCuyWmxl3jkU7FwYDv7Gq2th3Tyn0fPM95nOvslOep iQBvJKElciulTvaFlCK6ZeJK4N8Si3yaVeItvJPlFGtGXjgknFKKl94hwcJRGRRZuzw/ HJ0am196xkoP0sEpLLk9cUq5TcYtrrqahKi61la1VyCgUTWkRqCLLDNxyvc/Y4t2hTI7 lZeoIOjwnTCIZIYsAf67mDy9VpEfGw9JHjTxoGEA7eJuTgTagk1cM32mkkJ6N+fwSaxo V1fw==
X-Gm-Message-State: AOAM533xiQwWNNSD8ylqbMH5ZbMzd8dPXAApJxNaKHpscauUHLhfthif /hZm8fvmUQCQurqFjY4Fbj0oujwKCYv2zyBeM5hYAg==
X-Google-Smtp-Source: ABdhPJyCzd2pYHLa8Y7CjhmfHu+JA9vWIvE1KN+ZW0Gw+V5YjEzLR2TIriNKRvjepzTrKaq9AiQFTOjLWuK4S4Trqpk=
X-Received: by 2002:a19:6715:: with SMTP id b21mr14178714lfc.55.1595934812279; Tue, 28 Jul 2020 04:13:32 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB634890A51C4AF3CB1A03DA0BAE7A0@DM6PR05MB6348.namprd05.prod.outlook.com> <d9a9ea94-4c4a-40eb-8841-7a92fa31103e@www.fastmail.com>
In-Reply-To: <d9a9ea94-4c4a-40eb-8841-7a92fa31103e@www.fastmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 28 Jul 2020 04:12:55 -0700
Message-ID: <CABcZeBO5yb90=GQvXP+1SWGzyYRvnMs8FZNymL-CgDfkW1=_Mg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009232e805ab7e87a9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pYU0P8mGsatgnxNnw3BWmaROaWE>
Subject: Re: [TLS] Call For Adoption: draft-wang-opsec-tls-proxy-bp
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 11:13:37 -0000

On Tue, Jul 28, 2020 at 12:26 AM Martin Thomson <mt@lowentropy.net> wrote:

> The following text from Section 5.3 is deeply problematic:
>
>    A decryption policy decision MAY be made based on the server
>    certificate or other trustworthy parameters.  To verify possession of
>    private keys that are associated with a particular server
>    certificate, the proxy SHOULD complete an out-of-band TLS handshake
>    with the same TLS server IP address and TCP port as targeted by the
>    TLS client.
>
> It is possible that the authors misunderstand how TLS works, but this
> check won't work.  Not only because TLS 1.3 encrypts information, but
> because this is only necessary if the proxy forwards a ClientHello from the
> client to the server.


In addition, this check is susceptible to trivial forwarding attack in
which the server in question forwards the data to the true server.

-Ekr