IETF Logo Mail Archive

[TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks

Mike Shaver <mike.shaver@gmail.com> Mon, 22 July 2024 15:58 UTC

Return-Path: <mike.shaver@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57226C15106A for <tls@ietfa.amsl.com>; Mon, 22 Jul 2024 08:58:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZPfYdqUQpfC for <tls@ietfa.amsl.com>; Mon, 22 Jul 2024 08:58:42 -0700 (PDT)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1625C14F75F for <tls@ietf.org>; Mon, 22 Jul 2024 08:58:37 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id 46e09a7af769-7035b717880so2439395a34.1 for <tls@ietf.org>; Mon, 22 Jul 2024 08:58:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721663916; x=1722268716; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FcSJomz0Rn0kSkF3RwwDpgs0IVmqQgT1u8Ua2FJu18U=; b=BJD1NvfrvL+yJ7Kq3YHcPn8bbAf0KDA4jwieav+P3z6Mig52xye6JT16FfuJpcYEep 00w87TMvzf0jzC3lFU+ixH8AnjV0clvcCcU7lE124/GqJfiL/8ToP/1UJ3aEyd/g/mWx 0eu82Ib9jLn4KmxKnAMG6qAAPrhT084oGEzdMlLMVr6ndD/hBd8F9ZIMHIqQRslDkatp SSXh0RjMkb4aP83UOTpUlQ8C7pDRxY6xOXVzDLLK5eP1kbGLeDn27TP5UpS4WOqvFFO/ eyWPoGeNizR5xzYt9ikghAfe21+1BqM5Eu7bXdi8FEDALuBZqZRi28F0062qcRDDI0jz xCJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721663916; x=1722268716; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FcSJomz0Rn0kSkF3RwwDpgs0IVmqQgT1u8Ua2FJu18U=; b=mQzUK6rHDC+Lw8NeuiQb6AD44YFY4cX0/GgVfnVVrFIHlLW4c3tndu4lrdJ4Yss306 rg0EvRrVRxTsqTKAMkd8MXf8twtSZ0+FkHXjmgTx1anK32Aezu38+JEStsrZadr0ThYd jLz7Zz7YspFlI0mx/SSJKSxGDRltaXuoAGLgwnnObqmZ14ufhSIbsV7qHFa9PwMO4eEP Th8FKQNs71QVCtu/fSNyMrjlkk5VUfbGzQ0gF0OLNvKK6wLwgYZ3NX9sS4pOMDQozxNL Nf03rxJtAsTK9t9N6xiMAmZ2IvQrVRuezv2frvOu6YVB3vqtLrZ6GzSsSkZkjyq89131 W8Gg==
X-Forwarded-Encrypted: i=1; AJvYcCVLk/g0tvvWNr43asSLJKK0DQpvOaXrndstYQZbZyhe/CJ3m9NiOQ3cZTmg3ZofuHkO/PZkOJm66Rzyavc=
X-Gm-Message-State: AOJu0YwRZ7oIguZMvPv5hrZ3WW+1oZ/dPlsQV8+JqMSa2gnXi2EE7hwv RR4K4gHRJWCvQgOrjD+sKV0Q+Q4UbkHwGywJRBivUWl4EeOjzVDGTHeIgf37cOzkWIMpiuIpyKt nBXwmdQ2kaRgpx6lhme8PbKllQmk=
X-Google-Smtp-Source: AGHT+IEAMdqI4icFVF/OsRFWxTOzzm2JAOTPGIHqTz8h7LBBaKc22qiDIrtcl7nj83EJ0gZlvpzs6mN3oDoyT9stnu0=
X-Received: by 2002:a05:6808:1a0c:b0:3d2:21a5:d3bb with SMTP id 5614622812f47-3dae657b399mr3552235b6e.22.1721663916224; Mon, 22 Jul 2024 08:58:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAD2nvsT4qWqudiv1C1wZn6rB4_s-9EDENq5TXEbxr_ygcMFjDQ@mail.gmail.com> <CAChr6Sw+gxK3dO29F9bsLTQReJz6LzT2hZb5O7LAXmKzQbKTSw@mail.gmail.com> <CACf5n7_29CNXLf+SmpKKOWkc_3Oi2BZqZ8irU+z=3btJns_1-Q@mail.gmail.com> <CAChr6SxJ3r88a4Aehv_5fsSWb1JApV6Lg4hfwdm0Oh5x04_shQ@mail.gmail.com> <479BA457-9001-4EBC-A84F-9E3EB71E809F@akamai.com> <CACsn0cmhsh-zeJOaa7xy_2crxgvhAF=nK9FqWxxf1dB2SMhMyQ@mail.gmail.com> <Zpu0reBpH3dtFYdf@LK-Perkele-VII2.locald> <CADQzZqtsj272Gt771Ef=VhS2+WvWKkct0Jx1=wmyS7kTu0ds1w@mail.gmail.com> <CAF8qwaB3VuWSYTi-gH99+N_cgi1ZAdMpzhrSE4=KTD5xbQMwXA@mail.gmail.com>
In-Reply-To: <CAF8qwaB3VuWSYTi-gH99+N_cgi1ZAdMpzhrSE4=KTD5xbQMwXA@mail.gmail.com>
From: Mike Shaver <mike.shaver@gmail.com>
Date: Mon, 22 Jul 2024 11:58:25 -0400
Message-ID: <CADQzZqtyCQwQR2WPrBdqGGUm_tvZ7Akra5z9vqJ30x9vWBtxew@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Content-Type: multipart/alternative; boundary="00000000000026396d061dd81e1f"
Message-ID-Hash: EM6KSRXIYCX7SKL32GDXVO5ZKOWGUBOA
X-Message-ID-Hash: EM6KSRXIYCX7SKL32GDXVO5ZKOWGUBOA
X-MailFrom: mike.shaver@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Trust Anchor Negotiation Surveillance Concerns and Risks
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rkjJsKWX-irgDCN2uqxAu63gIYc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Sat, Jul 20, 2024 at 2:23 PM David Benjamin <davidben@chromium.org>
wrote:

> On Sat, Jul 20, 2024, 06:13 Mike Shaver <mike.shaver@gmail.com> wrote:
>
>>  In what way are these non-web systems not allowed to use other PKI
>> models today? How would trust anchors provide that permission?
>>
>
> If the same server serves both embedded/IoT traffic and web browser
> traffic, but we aim for the two to use different PKIs, the server needs to
> arrange to serve different certificates to each. To do that, we need trust
> anchor negotiation story.
>

If there is no extra-TLS means of distinguishing those cases, such as port
or IP addresses for endpoints, then today such a system can use SNI, which
is basically a very simple trust selection story. It is less flexible, but
for selecting between disjoint PKIs in which to orient a given connection,
it seems that it would suffice.

PayPal and Netflix semi-famously rolled out SNI at moderate pain to
accommodate a pretty similar situation when browsers and their IOT/etc
devices no longer had trusted roots in common. I am not against TAs as a
more flexible way to negotiate the PKI properties that the participants
want to use for their connection, but I think it's counterproductive to the
health of the web PKI to spread the idea that TA is *required* for systems
to migrate to non-web PKI, even if they indeed need to keep using the same
endpoints for some reason. Having those systems that are inappropriately
using web PKI today justify further such misuse by saying that they are
waiting for all their systems to support TA would be pretty unfortunate. I
think that practically the process of managing and deploying new roots and
certificates for a private PKI will make "change the hostname or port used"
a small additional matter.

To be clear, I think that TA will make it easier to resolve such misuses,
and that this is a virtue of the proposal. I just really don't like the
idea that it's not possible today.

On Sun, Jul 21, 2024 at 7:05 PM Dennis Jackson <ietf=
40dennis-jackson.uk@dmarc.ietf.org> wrote:

> We've seen a number of recent incidents where CAs have delayed revocation
> of mis-issued certificates for 'critical' services that are not accessible
> on the public web [1]. The vast majority of these services could already
> migrate to a private PKI today but they simply don't have adequate
> incentives to make the small investment necessary. How would Trust
> Expressions or Trust Anchors change that?
>
TA, once deployed, could well possibly make it easier to migrate or manage
such systems, but I don't think it's reasonable to expect that any protocol
change will provide sufficient "incentive" for the operator of such a
system to bear the costs of operating a PKI when they could instead push
those costs to the stewards of the web PKI instead. It's not a reasonable
standard against which to evaluate a protocol element, IMO.

Mike


On Sat, Jul 20, 2024 at 2:23 PM David Benjamin <davidben@chromium.org>
wrote:

> On Sat, Jul 20, 2024, 06:13 Mike Shaver <mike.shaver@gmail.com> wrote:
>
>>
>>
>> On Sat, Jul 20, 2024 at 8:59 AM Ilari Liusvaara <ilariliusvaara@welho.com>
>> wrote:
>>
>>> Allowing various embedded and IoT stuff to migrate off of WebPKI would
>>> be of immense value. Such stuff using WebPKI has been source of gigantic
>>> amount of pain.
>>
>>
>> I agree with your second sentence very much, but I don’t understand your
>> first one. In what way are these non-web systems not allowed to use other
>> PKI models today? How would trust anchors provide that permission?
>>
>> Mike
>>
>
> If the same server serves both embedded/IoT traffic and web browser
> traffic, but we aim for the two to use different PKIs, the server needs to
> arrange to serve different certificates to each. To do that, we need trust
> anchor negotiation story.
>
> David
>
>
>
> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
>

v2.36.0 | Report a Bug | By Email | System Status