[TLS]Trust Anchor Negotiation Surveillance Concerns and Risks

Devon O'Brien <asymmetric@google.com> Sat, 20 July 2024 01:28 UTC

From: Devon O'Brien <asymmetric@google.com>
Date: Fri, 19 Jul 2024 18:28:20 -0700
Message-ID: <CAD2nvsT4qWqudiv1C1wZn6rB4_s-9EDENq5TXEbxr_ygcMFjDQ@mail.gmail.com>
To: tls@ietf.org
CC: Bob Beck <bbe@google.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vkgEg947W6Ip21uHSw3UuMMEd3o>

Hi all,

We’ve added a document that attempts to summarize, and offer an
initial analysis of, several of the scenarios that have been raised in
on-list discussions related to the possibilities that Trust Expressions (or
more broadly, Trust Anchor Negotiation) could be used to enable
surveillance, or to make surveillance easier to achieve than with existing
solutions.

We’ve been adding to this document for some time, and while there is
overlap with the documents that Dennis has recently shared, it is not a
response to them, as it was nearly complete by the time they were posted.
Our goal is for this analysis to be complete and accurate, so we will
incorporate additional scenarios, arguments, and analysis over time based
on the ensuing discussion.

https://github.com/davidben/tls-trust-expressions/blob/main/surveillance-and-trust-anchor-negotiation.md

As with any of the other documents in the repository, we encourage you to
ask on list, or file a GitHub issue if you feel we have missed something or
that our analysis is incorrect.

We look forward to the WG's comments and hope to see those coming to
Vancouver next week.

- Devon, Bob, David