Re: [TLS] chairs - please shutdown wiretapping discussion...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 12 July 2017 15:18 UTC

To: Kyle Rose <krose@krose.org>, Ted Lemon <mellon@fugue.com>
Cc: "Polk, Tim (Fed)" <william.polk@nist.gov>, IETF TLS <tls@ietf.org>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com> <CAJU8_nWpzZY5-0B1d8D6ced1Us3N63DC92FMLbn+t4RyE=fLcw@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <eeed8398-f845-2bdf-578b-56eb74bbe736@cs.tcd.ie>
Date: Wed, 12 Jul 2017 16:18:23 +0100
In-Reply-To: <CAJU8_nWpzZY5-0B1d8D6ced1Us3N63DC92FMLbn+t4RyE=fLcw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ufhePdiuzBbtuwice-rxPyiTvxk>


On 12/07/17 13:24, Kyle Rose wrote:
> This proposal (and related proposals involving encrypting session keys to
> inspection boxes, either in-band or OOB) violates condition 2 because one
> endpoint would have to intentionally take action to deliver the session key
> or private DH share to the third party.

I agree if there are only two parties, i.e. some deployments
of schemes like this wiretapping scheme do not meet the
definition of wiretapping in 2804.

> If one endpoint is feeding
> cryptographic material to a third party (the only way that information gets
> out to the third party, vulnerabilities notwithstanding), they are
> collaborating, not enabling wiretapping.

That's nonsense. In the POTS case, telcos are collaborating
with their local LEAs and that is wiretapping. Claiming that
no deployment of this scheme (e.g. the SMTP or wordpress.com
type ones already described on the list) meets the 2804
definition is just silly.

S.