IETF Logo Mail Archive

Re: [TLS] security considerations for draft-rescorla-tls-subcerts

Subodh Iyengar <subodh@fb.com> Wed, 05 April 2017 20:20 UTC

Return-Path: <prvs=5268bd8a47=subodh@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBA17129484 for <tls@ietfa.amsl.com>; Wed, 5 Apr 2017 13:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=rOYaqni4; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=ZPj3Z/TB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-J00_RmfCyq for <tls@ietfa.amsl.com>; Wed, 5 Apr 2017 13:20:34 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1F5A12948B for <tls@ietf.org>; Wed, 5 Apr 2017 13:20:33 -0700 (PDT)
Received: from pps.filterd (m0109334.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v35KIEXe009891; Wed, 5 Apr 2017 13:20:07 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=8vFB6mXwdJxnFZ5Hi5uvre5fg7v1N9SaQCHLKckjeEg=; b=rOYaqni4ClplcuBV9u/5SUSlp5Dplf7m5Hjc6oBavjTVdbjsbMio7xurSnirxcZAawmt bX44jIyWhQRoHNprkX9m+fQIBFpliechbmldhyvmJDQkaQwTbLF18LGKUhdUt7xKJlpm IJWo3pfgHHyxt9FFJFCorlCsxasqQBFP1s8=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 29n2dbsddm-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 05 Apr 2017 13:20:07 -0700
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.24) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 5 Apr 2017 13:20:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8vFB6mXwdJxnFZ5Hi5uvre5fg7v1N9SaQCHLKckjeEg=; b=ZPj3Z/TBmsXQOUsLG0UHMHf1+v2Hon/wzrPRKVcMX3if8bdknsepbk97uwmQ2snLS4L7z1ZIxmeJoA40DCEverVCKs0UjM+cUL9CKyhiLooA+YfEsEFgyrn73ei63rFtYV0rehjhw5Ok2YLebHnvVI7WpvGiw90Ad6aUyZS+7cw=
Received: from MWHPR15MB1455.namprd15.prod.outlook.com (10.173.234.145) by MWHPR15MB1456.namprd15.prod.outlook.com (10.173.234.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1005.10; Wed, 5 Apr 2017 20:20:03 +0000
Received: from MWHPR15MB1455.namprd15.prod.outlook.com ([10.173.234.145]) by MWHPR15MB1455.namprd15.prod.outlook.com ([10.173.234.145]) with mapi id 15.01.1005.020; Wed, 5 Apr 2017 20:20:04 +0000
From: Subodh Iyengar <subodh@fb.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Simon Friedberger <simon.tls@a-oben.org>, "tls@ietf.org" <tls@ietf.org>, Richard Salz <rich.salz@gmail.com>, "Kaduk, Ben" <bkaduk@akamai.com>
Thread-Topic: [TLS] security considerations for draft-rescorla-tls-subcerts
Thread-Index: AQHSqaBOocVmAQvSZkGxKH7FNtBXA6GxLuRegASs84CAAOJSgIAAAPGAgAAA7ICAAC8aD4AAQ8yAgAANcWM=
Date: Wed, 05 Apr 2017 20:20:03 +0000
Message-ID: <MWHPR15MB1455C7BE1C32A3FADD8759FAB60A0@MWHPR15MB1455.namprd15.prod.outlook.com>
References: <m27f362zxm.fsf@dhcp-89ad.meeting.ietf.org> <MWHPR15MB1455F0758BE196CAB4BDF8BDB6360@MWHPR15MB1455.namprd15.prod.outlook.com> <c5799647-4568-4cbf-1708-52934a961f67@akamai.com> <d93fe5c1-5236-f86c-34d0-2606204d672d@a-oben.org> <f4aeff835aa4437f8d2996cba926bc11@usma1ex-dag1mb1.msg.corp.akamai.com> <df23dab4-d8cd-7d7e-3372-1dfed4457d45@a-oben.org> <MWHPR15MB145571244E36DA811C5F6CDCB60A0@MWHPR15MB1455.namprd15.prod.outlook.com>, <b5f89159-57da-a443-e675-5e2ccf5ecae5@cs.tcd.ie>
In-Reply-To: <b5f89159-57da-a443-e675-5e2ccf5ecae5@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=fb.com;
x-originating-ip: [25.173.47.4]
x-microsoft-exchange-diagnostics: 1; MWHPR15MB1456; 7:R5+SVsIEm6IUfkK8J+Jf/neUZ7Lk4YOKqocm6x/S/FEF1Kkklsf+y9iKqSEpOjQzvg0b3AqKaP5BtrBxuE4KLX1BEdUVB2IVHFhPrsKcO63IC/MSpGfsysI/g2qsNmQQKlfWYZkNO8++AmhC3QNw1ACd/pkLWYyqHikivqhWcTqywlSJ+6plw9XdqG5ZxdzUOzefXcibUfEGBH8DoJSecf3XSJ3KgFfbbHLbbpmuzPICAYLpddE+uDKNJXr7gnB0/HZN2DB9K1kE0gDoxNQNONI4+MFmtSKA2siaERNg4bPk9J+wLNTvz9gU7BL3rdk7s8o8K1JnuXFdUfD76kNZTw==; 20:sm8eDHfr1W0NMeGuq0wibN8ewfQ+ujFxrCmaIFOwfM52CCN6sR1zRwKTrz4JuwMrr2oSg+pnmgVK/grk8wOwrZ1+eUORXAQdwg9rQrhTXArWjkx3Y/Azky4xWn5WWkutosmrPa3x9UanAQekkR6Rv0/tapwtmtfM9YAYX0IgABI=
x-ms-office365-filtering-correlation-id: cea1afdf-6a3b-4349-02f1-08d47c612501
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR15MB1456;
x-microsoft-antispam-prvs: <MWHPR15MB1456C74F44F2F8562F74E514B60A0@MWHPR15MB1456.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(32856632585715)(158342451672863)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(6041248)(20161123555025)(20161123560025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(20161123564025)(6072148); SRVR:MWHPR15MB1456; BCL:0; PCL:0; RULEID:; SRVR:MWHPR15MB1456;
x-forefront-prvs: 0268246AE7
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39410400002)(39450400003)(39850400002)(39400400002)(39840400002)(377454003)(24454002)(55016002)(66066001)(189998001)(6246003)(81166006)(25786009)(229853002)(54896002)(2950100002)(8676002)(74316002)(99286003)(6116002)(9686003)(3846002)(102836003)(2501003)(77096006)(53546009)(2900100001)(7736002)(5660300001)(7696004)(53936002)(33656002)(50986999)(76176999)(38730400002)(122556002)(93886004)(3280700002)(54356999)(3660700001)(230783001)(15650500001)(6506006)(2906002)(6436002)(8936002)(39060400002)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR15MB1456; H:MWHPR15MB1455.namprd15.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR15MB1455C7BE1C32A3FADD8759FAB60A0MWHPR15MB1455namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2017 20:20:03.7705 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1456
X-OriginatorOrg: fb.com
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-04-05_15:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s5-ZgkLvmVYsPWlK1Pdidq9Z8Aw>
Subject: Re: [TLS] security considerations for draft-rescorla-tls-subcerts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2017 20:20:36 -0000

> With that goal in mind, wouldn't it help mitigate the threat if
the holder of the longer term credential (the cert subject) were
to include within the signature e.g. an IP address range within
which the delegated credential is allowed to be used?

We thought about this originally, but we discounted this because it breaks when http and socks proxies are used. Looking at some data I had a non trivial number of requests access our site using proxies. I'm not sure whether there's a good method for a client to enforce ip address ranges when a proxy does the dns resolution.


Subodh

________________________________
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent: Wednesday, April 5, 2017 12:30:31 PM
To: Subodh Iyengar; Simon Friedberger; tls@ietf.org; Richard Salz; Kaduk, Ben
Subject: Re: [TLS] security considerations for draft-rescorla-tls-subcerts


I've no strong opinion for or against this. One question below
though.

On 05/04/17 17:07, Subodh Iyengar wrote:
> The threat model here is that since if a less-trusted host having a
> key is compromised for a certain period of time without detection,
> and an attacker can steal private keys during that period. In many
> situations we are fine with giving the TLS terminator a certificate /
> key, i.e. they actually have a trust relationship, however we want a
> compromise to only give the attacker a limited power to use the
> credential. Revocation is arguably effective, so we would not be okay
> with giving a less trusted host a long term private key. However we'd
> be okay with giving a less-trusted host a short term key.

With that goal in mind, wouldn't it help mitigate the threat if
the holder of the longer term credential (the cert subject) were
to include within the signature e.g. an IP address range within
which the delegated credential is allowed to be used?

Cheers,
S.

v2.23.0 | Report a Bug | By Email