Re: [TLS] OpSec WGLC for draft-ietf-opsec-ns-impact

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Wed, 19 August 2020 18:45 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46B5C3A094B; Wed, 19 Aug 2020 11:45:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Oa2PQEOt; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=mOZaxKYj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YaU5mEt2FlNj; Wed, 19 Aug 2020 11:45:48 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7714E3A096B; Wed, 19 Aug 2020 11:45:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4406; q=dns/txt; s=iport; t=1597862748; x=1599072348; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=KK5P8tz4MWRdsN3mEqP4osoqweFInoVuy8HDn0IzyRE=; b=Oa2PQEOtD6pV5bcOjfd6+IboqAzV6sNTQVzCfKBLIvw6jYybqGgnUqtn qhSfaZa22DoUK2ZGZu3kW5l8c1ij6j5YEMKYNjTK0NsskYbH3SKTuSem8 sS5AQU9+fndrMwOH4iC1P05EY0Ziurmn55sZn+NoxDhLsQIw+ssuPOxpm k=;
IronPort-PHdr: =?us-ascii?q?9a23=3AZlIQNBMIVzkFchljPeMl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEvKwx3kPNR4DLrfVehLmev6PhXDkG5pCM+DAHfYdXXh?= =?us-ascii?q?AIwcMRg0Q7AcGDBEG6SZyibyEzEMlYElMw+Xa9PBtJHNz7dxvVuHLhpTIXEw?= =?us-ascii?q?/0YAxyIOm9E4XOjsOxgua1/ZCbYwhBiDenJ71oKxDjpgTKvc5Qioxneas=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DICQDWcT1f/4gNJK1ZBoEJgxwjLgd?= =?us-ascii?q?wWC8sCoQtg0YDjV2YbIFCgREDVQsBAQEMAQEYCwoCBAEBhEwCF4IaAiQ4EwI?= =?us-ascii?q?DAQELAQEFAQEBAgEGBG2FXAyFcgEBAwEBARAREQwBASwLAQ8CAQgODAImAgI?= =?us-ascii?q?CJQsVEAIEAQ0FIoMEAYJLAw4gAQ6mXQKBOYhhdoEygwEBAQWCSoJmGIIOCYE?= =?us-ascii?q?OKoJxg2KGLx0bggCBESccgk0+glwBAYFFAggQgxczgi2QCw+Ca5IOMpByCoJ?= =?us-ascii?q?iiGSGTIpyAx6DAYEjiDuILIsckj+fRAIEAgQFAg4BAQWBaiOBV3AVOyoBgj4?= =?us-ascii?q?JRxcCDY4rF4NOhRSBcINSdDcCBgEJAQEDCXyPMgGBEAEB?=
X-IronPort-AV: E=Sophos;i="5.76,332,1592870400"; d="scan'208";a="794906597"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Aug 2020 18:45:46 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 07JIjkuW014493 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 19 Aug 2020 18:45:46 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 19 Aug 2020 13:45:46 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 19 Aug 2020 13:45:46 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 19 Aug 2020 14:45:45 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Du5yF6e/8mpZbvcroZgdaeoWZbVH8uQ5Xx7l3oKw4LFpUCGT717bZb7zR5KZ9y63pagpRS1mZNqmRRCVAgXHt9/Tt5lQxCQEIm50SN7YVdAY63ifVj1oOoaPPClXDk1XxhctUfVobee+LV5ZdRaSVc+Gbcfk9B0QVPHPRxkrWWmwKpHQjFQ3qRPajqfkbCgQYSpx+GR989u1IoNwB4e2aagQ8Qnj0GWKmf7xXERa26HZvzULZcwBv0sFWy2AuOOaS4LUjLI4Pf9S/7MgLJRhIBWixrvO097u0P//mx0jNIY+me6keYqcu10mirzCH9loKyV1SYtBnsbYMYSjhhJHqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KK5P8tz4MWRdsN3mEqP4osoqweFInoVuy8HDn0IzyRE=; b=j1g/0iH7cJTLmnNhuRkBnPEs+qMpgtUe0oyiB6j/QNQ5mqS5dmLXsEsK/Y5ZEgkxSVAqihWagj3ZsXm/nedUO9w/MC1QPE4c+5HgJZNLdQWQAgCIDaOrsDANNgQhbvOCqqe462tYJRfXtkqXeS9tOv/hOjdFvvxtdQSXmscAX290K7tv52JweYKmee+C3mA6hojAmNk0sapX9YS98awYNLaHy4vMMPrc1T0HH2x4aAClqKwGUquXyoFvYJuPdf1HwUqyd0Yz7uvtkmzvxTYKkZ11fE1rkwiBB3jw7OrNMegr46T5sHJcSlG0xq2xckCqY8erLPjIDlPGfQLyCmmjPw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KK5P8tz4MWRdsN3mEqP4osoqweFInoVuy8HDn0IzyRE=; b=mOZaxKYjgp0FzopqX98FD8o4eblD0fkMEjwaAh3+yDy2vY7FZWADjJDnTKLDMx/St1QPBGsuE7KlVt+h6B2EEbaTzV+DZll3Qa63a62m1ntU0DFB1zM9FI0pF2QtZ4tpPk41ME+AGBEpAu/y7xDzdRjMGFbzU4wVyEN8JKYGceU=
Received: from BY5PR11MB4070.namprd11.prod.outlook.com (2603:10b6:a03:181::16) by BYAPR11MB3158.namprd11.prod.outlook.com (2603:10b6:a03:1c::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.27; Wed, 19 Aug 2020 18:45:44 +0000
Received: from BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::6945:e1a2:7eff:5f4c]) by BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::6945:e1a2:7eff:5f4c%7]) with mapi id 15.20.3305.025; Wed, 19 Aug 2020 18:45:44 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Nick Lamb <njl@tlrmx.org>, "tls@ietf.org" <tls@ietf.org>
CC: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [TLS] OpSec WGLC for draft-ietf-opsec-ns-impact
Thread-Index: AQHWdKy3EuzQbe4YYUORvBwC+sTNmak/UzCA
Date: Wed, 19 Aug 2020 18:45:44 +0000
Message-ID: <2B1FF3B4-949A-4A29-ABDC-B2B91878B947@cisco.com>
References: <20200817163938.07580cee@totoro.tlrmx.org>
In-Reply-To: <20200817163938.07580cee@totoro.tlrmx.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.18.200713
authentication-results: tlrmx.org; dkim=none (message not signed) header.d=none;tlrmx.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [73.162.233.180]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 152f7ff4-b1e0-4c66-edc6-08d8447014c6
x-ms-traffictypediagnostic: BYAPR11MB3158:
x-microsoft-antispam-prvs: <BYAPR11MB3158A4C572F24EC7DF6AF4C7D65D0@BYAPR11MB3158.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9hXv/KRu/LvLFxTm536njZUFvqY/jcq21xQxOpBOWSEp35ZylCiEe9rtumyuWe2a2cRFknlqOQ8SN7HTG7JmLhe70R85VsGEhc8NaFL2MYDJT3d32EsPdcEA0ZIVYzwUYNJTEwY3l2t1E27dLd9OZR6Zzh/9giineN1FsRJN3J+bQZ/AXwOqP807kCCWywVMRM++ar6BqDsTrsDUxQvyktdwMhLWisO1Bv/5/M/YJILwtBs1peDvYfr/mAqBkWmA7BE9GtXoG/9AuQaSwG6G323fC5xeoGtLP95GUFFg6c8727Uc4hWrmCDrdGdVQ4GjwNQo5nXvGibMpeI9mbTyqjT6Jk1t6ch9YzBx7xHoWomyFqIH6yeuSMeaDs+yMINo6vaB21C4sDpPNepnHDfBJw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4070.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(6029001)(4636009)(376002)(346002)(136003)(396003)(39860400002)(366004)(66446008)(66556008)(66476007)(110136005)(66946007)(71200400001)(76116006)(36756003)(316002)(2906002)(5660300002)(83380400001)(86362001)(2616005)(33656002)(8936002)(4326008)(478600001)(64756008)(6512007)(8676002)(966005)(26005)(6486002)(6506007)(186003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: frMzIh0jEPtKPrLNqK9kXOJP8Zb0cSV3T/X3bVeHqWW0BpjCiNK6aZqJo4NDzrVQiLnFe1rJ6fJXk26dBcEt+pf1MP6RquHoj1NzFm8R9PKeVra1ivY47FXCGAP3DtHyGwEPMyEBPZPkrf8JWg8vLRFOORVwTp94GjMG4xOsUqaADL1Axi+5B2CjcEMtyCn7Ws2dvLxiVnAzgAj6PmM41oViD7pkz9PD0tys1eP+JNBhFMyWnyj4I1ci6uBwH0cZVQuX9pzudTddxTPDhQU1gnrSR3Z2IQfNlwntJwu9OIqcjyxjNsl3u5pjd5jzXmcuzE7dC5tYgBDfcNDaBJRE9bS/wTnlSiTuVV0R1dPYIiAaANTxr7bDaGOhDN4UR930NULFEol5wt0AnAn3O7IgNlCoz5dMFEVf9VrnBviNOqxCmke01UXLVDST7s88NV9QepMMmREjNeQKwICaAoQS1UtPl7rNIT/0kWrV4Df2wLcAHzY89lXT+RxdtZVvMjVhASfwzM9dVj8gkuiBVBmVrL1WRbbWeZjjA9gj47HKqgSBUY3q3ffFu/2wEdKlxX7EkiJ/iLwHQyqttZXUPvyRIYAszL0l6Tx5xrkokZCNg0RtLBAHqsYhGDOSiaCWDfQQfRTqTmpRWu01PNqan0hwgA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <0DFB3BBD104305438FF6B3B19B45C4EF@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4070.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 152f7ff4-b1e0-4c66-edc6-08d8447014c6
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2020 18:45:44.6803 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 85ulvsZ0is1cQreQS93eOq5yrZ3/tMh0S0SeqNRWsoB35BcZqt2KGe1vBsJ8FSvpQmZhJfXOeTXlWvSK/uhSIg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3158
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.12, xch-aln-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vh2BtGhYYNqBQ__nDgTNbpDwlLE>
Subject: Re: [TLS] OpSec WGLC for draft-ietf-opsec-ns-impact
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2020 18:45:52 -0000

Hi Nick,
Thanks for reviewing the doc, please see further responses/comments below:

On 8/17/20, 8:40 AM, "TLS on behalf of Nick Lamb" <tls-bounces@ietf.org on behalf of njl@tlrmx.org> wrote:

    I am not very familiar with IETF working group practices, however it
    strikes me as surely unusual to have a document enter Last Call
    (supposedly believed by its owners to be ready for publication) and yet
    immediately then be revised showing it was in fact not ready at all.
[NCW] It was an unfortunate oversight on my part as I somehow did not catch
Tom's feedback when I updated the draft until he pointed it out and I had to
go to the opsec mailarchive to retrieve his initial comments.   
I don't believe, we the authors made any notion that we were ready for publication;
I believe the last call process is to ensure there is more review before publication.
    
    However this seems to be what happened to draft-ietf-opsec-ns-impact.
    The below comments concern draft-ietf-opsec-ns-impact-02, the newer
    document.
    
    Section 4.1 Perfect Forward Secrecy ends:
    
    > TLS session data.ss
    
    I think this is a typographical error and the trailing "ss" should be
    removed from the document. If not it should be explained.
    [NCW] Thanks for catching it, a formatting remnant which will be removed.
    
    
    Section 4.2 Encrypted Server Certificate describes a practice which is
    inherently unsound. Passive inspection of the Certificate message from
    TLS 1.2 or earlier isn't a reliable source of information because a
    passive eavesdropper isn't able to discern whether the X.509 document
    presented corresponds to this server or not. The Client can confirm
    this using the TLS protocol but an eavesdropper can't. So the change in
    TLS 1.3 does not impact the practical security policy available, only an
    appearance is altered.
[NCW] The document describes what is in practice today with TLS 1.2 and 1.1
whether we believe it is unsound or otherwise, it is what is done today.
    
    Passive systems described throughout Section 5.1 fall to this same
    error, using the phrase "reduced effectiveness" which the document
    defines as not being "as effective on TLS 1.3 traffic" but in fact
    since this practice didn't work, it will remain exactly as effective
    (not at all) as before.
[NCW] Again, the document is describing what is in practice today.
    
    A related consequence passes into Section 5.2. Since the Certificate
    message is only reliable for a Client, it has in fact always been
    necessary to fully proxy the TLS session in order to rely on this data,
    so this is not in fact an impact from TLS 1.3 but (if it wasn't done
    previously for all versions) a vulnerability in such products.
[NCW] With TLS 1.2 the observer can see the handshake thru completion
with the Finished message before affecting a policy decision.
    
    
    As it stands then, this document is misleading.
    
    Nick.
    
    _______________________________________________
    TLS mailing list
    TLS@ietf.org
    https://www.ietf.org/mailman/listinfo/tls