Re: [TLS] Breaking into TLS to protect customers

Daniel Kahn Gillmor <> Mon, 19 March 2018 09:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3B94C127023 for <>; Mon, 19 Mar 2018 02:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NZJIUqgA9NDD for <>; Mon, 19 Mar 2018 02:42:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C565112E046 for <>; Mon, 19 Mar 2018 02:42:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPSA id 9EA17F99A; Mon, 19 Mar 2018 05:42:22 -0400 (EDT)
Received: by (Postfix, from userid 1000) id 22E962039D; Mon, 19 Mar 2018 07:32:13 +0000 (GMT)
From: Daniel Kahn Gillmor <>
To: Yoav Nir <>, Ion Larranaga Azcue <>
Cc: "tls\" <>
In-Reply-To: <>
References: <> <> <> <>
Date: Mon, 19 Mar 2018 07:32:09 +0000
Message-ID: <>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [TLS] Breaking into TLS to protect customers
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Mar 2018 09:42:41 -0000

On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote:
>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue <>; wrote:
>> I fail to see how the current draft can be used to provide visibility
>> to an IPS system in order to detect bots that are inside the bank…
>> On the one hand, the bot would never opt-in for visibility if it’s
>> trying to exfiltrate data…
> The presumption is that any legitimate application would opt-in, so
> the IPS blocks any TLS connection that does not opt in.

Thanks for clarifying the bigger picture here, Yoav.

So if this technology were deployed on a network where not all parties
are mutually trusting, it would offer network users a choice between
surveillance by the network on the one hand (opt-in) and censorship on
the other (opt-out and be blocked).  Is that right?

Designing mechanism for the Internet that allows/facilitates/encourages
the network operator to force this choice on the user seems problematic.
Why do we want this for a protocol like TLS that is intended to be used
across potentially adversarial networks?

datacenter operators who want access to the cleartext passing through
machines they already control already have mechanisms at their disposal
to do this (whether they can do so at scale safely without exposing
their customers' data to further risks is maybe an open question,
regardless of mechanism).

Mechanisms that increase "visibility" of the cleartext run counter to
the goals of TLS as an end-to-end two-party secure communications