Re: [TLS] TLS interception technologies that can be used with TLS 1.3
Richard Barnes <rlb@ipv.sx> Thu, 15 March 2018 22:45 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5188E1243F3 for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 15:45:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NttVY8PeQI3x for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 15:45:27 -0700 (PDT)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF1D41241FC for <tls@ietf.org>; Thu, 15 Mar 2018 15:45:26 -0700 (PDT)
Received: by mail-wm0-x236.google.com with SMTP id n3so548795wmd.1 for <tls@ietf.org>; Thu, 15 Mar 2018 15:45:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=A2Si0yReLwTgetXf/Aftfro61T3NmfLBjPm071UT06k=; b=XPQSudN20B6G3B0+PqPm8Mpsv4Aj0Hx54axg2clUmIQf4NKd/WUAcFbaEx59ANEp09 uUrCo0ynUVLrCphAiVdDVfVGLeA/kvPvIvXP2pb4epEHWjLeNMfwsFC9Zl6c08MVDASI IL9Ui2Xb2yPn1RPLt4TJKHeyp8NM5sTP+CSriHOJr2XnTSyF+t2M/lCR3Ky8MQG4RZYh cq7yux2Jw/sg5kM3b4Eh+gaXqXONsDE8+HZ5tYKlbZIqGcQSZmpKQbGfaTSV1bRGs/17 itnTDoL7HCvWUcQ6nwCCLBwdFbd7TVbCYnswcNobKT3vCK6/xJYwmNyj3ITy7OFw7jS+ L9/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=A2Si0yReLwTgetXf/Aftfro61T3NmfLBjPm071UT06k=; b=kU4Dg3uT7KYf2vGswpyZ7IqA0ehUCuwA0u81UdUbGoIS7d2WM5IfpgG+kaMkyvZNem RZ5O9Z2pcgl1op68vI/RBwXpuNdDU4s5mP9gue0VyV986pNjBQcRDml6zCAmFarwpu6y E6J7iG1NYmQz3eprr3putbWNaQFSnUuSIp/K+czmv1UEuAJVgAK/bIOzcFyNZwwVKGJb coYgaY5bU2rPOsBa1ZwKKHxuMSN1ARgfJ43gGeypWfVNDd0SAPUeSayUlzDhqIgPpJNG ZDsCOHLH5Nv8aVnP+n4AcowTbvcaQJ5Y8qIU5TbxBU1ejX4h6bxdQdUUNv48mi1+XmKW Fsew==
X-Gm-Message-State: AElRT7EOGqRRPyTixTB3VboUpUqhx/ELLTpwc5dS7DrieLSlu3dx5ndo XnGzcAR0/jetVxnFl+hg/MEYcEzkBLrCbf1LKHSdEg==
X-Google-Smtp-Source: AG47ELvs6bDlXcsQK9iWOOjC91ERdHXobrikDL/yE2flYqv7ZTNoNytX6pmp7GKsTHI2dmU3Lu9tsNmpybXvnF/Bp5U=
X-Received: by 10.28.66.65 with SMTP id p62mr29745wma.8.1521153925366; Thu, 15 Mar 2018 15:45:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.12.140 with HTTP; Thu, 15 Mar 2018 15:45:24 -0700 (PDT)
In-Reply-To: <619FD02D-8F30-4261-BFE9-22CCFD145BE7@akamai.com>
References: <CACsn0cmNuuG4dhkouNzb=RDfYwG25VaKN7cGhm21wfLk-NmS5A@mail.gmail.com> <9B30F837-8F6A-4AF0-A3BD-69F9AFED5D7B@gmail.com> <2832089.SA8sAEVfAM@pintsize.usersys.redhat.com> <6BC4335A-D2E9-41FC-9F72-04B06594883B@gmail.com> <5CFD360D-818E-41A0-A140-59C283DC6CB0@akamai.com> <CAL02cgQQ7vve5+ndj1tUNgO+eH8cro2Mhhwj-bfBK=BnxECfRw@mail.gmail.com> <A2B23437-63DE-42B0-A29E-3A0635BCA85E@gmail.com> <619FD02D-8F30-4261-BFE9-22CCFD145BE7@akamai.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 15 Mar 2018 18:45:24 -0400
Message-ID: <CAL02cgSBwsHoeWxpD7+FA+NH9tzYmK7wHrswae9CWpOTf7FZfw@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Yoav Nir <ynir.ietf@gmail.com>, Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c06d6565ee8fb05677b3f0a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qng8owtibjz2KW4euqoOFJN-tJU>
Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2018 22:45:29 -0000
Well, exactly. It seems like the following have equivalent security properties: - Shipping out each session's keys as lines in SSLKEYLOGFILE over an ECDHE TLS connection - Shipping out each session's keys as an ECIES-encrypted package carried in a TLS extension Either way, you're doing a DH with the key recipient's public key and using that to encrypt the keys. On Thu, Mar 15, 2018 at 6:42 PM, Salz, Rich <rsalz@akamai.com> wrote: > I think if we ship the keys over some kind of secure socket layer we > should be okay, right? > > > > > > *From: *Yoav Nir <ynir.ietf@gmail.com> > *Date: *Thursday, March 15, 2018 at 6:41 PM > *To: *Richard Barnes <rlb@ipv.sx> > *Cc: *Rich Salz <rsalz@akamai.com>, Hubert Kario <hkario@redhat.com>, " > tls@ietf.org" <tls@ietf.org> > *Subject: *Re: [TLS] TLS interception technologies that can be used with > TLS 1.3 > > > > IIUC not quite. There is an API, so the application that uses the library > can get the keys. The application can then save it to a file, send it to a > central repository, send it to the government, or whatever else it might > want to do. > > > > There is no built-in setting where OpenSSL writes the keys to a file, nor > do applications such as web servers do this AFAIK. > > > > It should not be difficult to write, but is not provided in off-the-shelf > software. > > > > Making the library send this in-band in some protocol extension is a far > bigger endeavor. It’s also a dangerous switch to leave lying around. > > > > On 16 Mar 2018, at 0:16, Richard Barnes <rlb@ipv.sx> wrote: > > > > Just to confirm that I understand the scope of the discussion here: > > > > - TLS libraries have facilities to export keys from the library > > - Obviously, it's possible to ship these exported keys elsewhere (`tail -f > $SSLKEYLOGFILE | nc $LOGBOX`) > > > > So all we're really talking about is whether to define a way to do the > shipment of the exported keys in-band to the TLS session. > > > > > > On Thu, Mar 15, 2018 at 3:05 PM, Salz, Rich <rsalz@akamai.com> wrote: > > This is what OpenSSL provides: > https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_ > keylog_callback.html > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > > >
- [TLS] TLS interception technologies that can be u… Watson Ladd
- Re: [TLS] TLS interception technologies that can … Yoav Nir
- Re: [TLS] TLS interception technologies that can … Hubert Kario
- Re: [TLS] TLS interception technologies that can … Yoav Nir
- Re: [TLS] TLS interception technologies that can … Salz, Rich
- Re: [TLS] TLS interception technologies that can … Richard Barnes
- Re: [TLS] TLS interception technologies that can … R du Toit
- Re: [TLS] TLS interception technologies that can … Yoav Nir
- Re: [TLS] TLS interception technologies that can … Salz, Rich
- Re: [TLS] TLS interception technologies that can … Richard Barnes
- Re: [TLS] TLS interception technologies that can … Yoav Nir
- Re: [TLS] TLS interception technologies that can … Ion Larranaga Azcue