Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

"David A. Cooper" <david.cooper@nist.gov> Tue, 24 October 2017 19:55 UTC

Return-Path: <david.cooper@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7C7B1397F3 for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 12:55:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.179
X-Spam-Level:
X-Spam-Status: No, score=-3.179 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4fMOM19kvsy5 for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 12:55:01 -0700 (PDT)
Received: from wsget2.nist.gov (wsget2.nist.gov [IPv6:2610:20:6005:13::151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A32E13F49A for <tls@ietf.org>; Tue, 24 Oct 2017 12:54:59 -0700 (PDT)
Received: from WSGHUB1.xchange.nist.gov (129.6.42.34) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 24 Oct 2017 15:54:51 -0400
Received: from postmark.nist.gov (129.6.16.94) by mail-g.nist.gov (129.6.42.33) with Microsoft SMTP Server id 14.3.361.1; Tue, 24 Oct 2017 15:54:57 -0400
Received: from [129.6.105.183] (cooper-optiplex-9010.campus.nist.gov [129.6.105.183]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id v9OJsixl015832 for <tls@ietf.org>; Tue, 24 Oct 2017 15:54:44 -0400
CC: "tls@ietf.org" <tls@ietf.org>
References: <cde0e322-797c-56e8-8c8d-655248ed7974@nist.gov> <FB95CAC8-C967-4724-90FB-B7E609DADF45@akamai.com> <8A5E441B-90B7-4DF4-BD45-7A33C165691B@gmail.com> <3BA34D7B-BB04-4A1F-B18A-B0AC25402C4B@gmail.com>
From: "David A. Cooper" <david.cooper@nist.gov>
Message-ID: <0f9073f5-271b-a741-1a1e-f20ebc506d61@nist.gov>
Date: Tue, 24 Oct 2017 15:54:51 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <3BA34D7B-BB04-4A1F-B18A-B0AC25402C4B@gmail.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-NIST-MailScanner-Information:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uAGEKurZtxuY5OMfhJV4rdQMgm0>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 19:55:05 -0000

Why would these schools settle for a half measure that only allows them 
to snoop on traffic between their students and servers provide the keys 
to their Internet traffic to the schools? If a school wants to snoop on 
its students' traffic, it would do so in a much easier way than using 
draft-rhrd-tls-tls13-visibility, in the same way that some enterprises 
today use middleboxes to inspect all outgoing traffic.

This browser that students would be required to use would be one that 
has a CA controlled by the middlebox installed as a trust anchor. 
Whenever one of the students' clients tries to connect to an external 
secure site, the middlebox-controlled CA issues a certificate for that 
site so that the connection can be terminated at the middlebox. The 
middlebox then establishes a secure connection with the end server, thus 
setting up the middlebox as a MiTM.

There are already middleboxes on the market today that do this. They 
work for all outgoing connections and don't require any cooperation 
whatsoever from the outside servers that the clients are trying to 
connect to, and only expert users would notice the presence of the MiTM.

Given that such an effective and simple-to-implement solution is already 
available today, why would these schools be so anxious to use a 
complicated-to-implement and largely ineffective solution such as 
subverting draft-rhrd-tls-tls13-visibility for improper purposes?

On 10/24/2017 03:36 PM, Yoav Nir wrote:
>> On 24 Oct 2017, at 22:27, Ralph Droms <rdroms.ietf@gmail.com>; wrote:
>>
>>
>>> On Oct 24, 2017, at 3:23 PM, Salz, Rich <rsalz@akamai.com>; wrote:
>>>
>>> I use an airplane as an example of a “captive” population, substitute any similar group you want.
>>>
>>> 	• Yes, any box that sits between the client and the server can drop traffic for whatever reason it wants. Such a box could today drop any traffic that is protected using TLS.
>>>
>>> True, but that’s not the point.  The point is by adding this extension into the clientHello, we are providing middleboxes with another knob to control traffic.  I think we want to avoid that. And keep in mind it’s not just HTTP, but *any* TLS-using traffic, such as many VPN’s.  It wouldn’t necessarily enable spying, but it could be used to guarantee that all traffic is amenable to spying.
>>>
>>> As for how would such clients get promulgated?  Some simple scenarious include “surf for free on your flight, but use our Chromium-based browser to do so, available for free here.”    How many people on the plane would click and download?
>> Just to make sure I understand, in this scenario the special-purpose browser could just as easily, today, be a browser with no TLS at all?   That is, I don't see why this scenario is specific to the visibility extension.
> Think of the children.
>
> We can’t just let them loose on the Internet, there’s predators out there. So we will snoop on their traffic.  To do that, we block all traffic that isn’t snoopable, and we do it at the edge router in schools.  All schools in our state are required by law to install a firewall that does this. And we get the mobile operators to do so as well (only for handsets in schools).
>
> Now either the mobile OS vendors make a browser that works in schools (at least with a setting), or the school recommends a third party browser that works in school. And best of all, this is *more secure* than regular TLS 1.3, because it also protects your children from Internet predators. Think of the children.
>
> You can’t make a claim like that for an HTTP-only browser, and worse still, it won’t work on much of today’s Internet.
>
> Yoav