Re: [TLS] TLS and middleboxes again

Chris Richardson <chris@randomnonce.org> Tue, 30 August 2011 14:56 UTC

Return-Path: <chris@randomnonce.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAA7421F8B47 for <tls@ietfa.amsl.com>; Tue, 30 Aug 2011 07:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAD65enaGU4R for <tls@ietfa.amsl.com>; Tue, 30 Aug 2011 07:56:55 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id 0561E21F8B4C for <tls@ietf.org>; Tue, 30 Aug 2011 07:56:54 -0700 (PDT)
Received: by qyk35 with SMTP id 35so4122199qyk.10 for <tls@ietf.org>; Tue, 30 Aug 2011 07:58:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.237.77 with SMTP id kn13mr1808980qcb.105.1314716302434; Tue, 30 Aug 2011 07:58:22 -0700 (PDT)
Received: by 10.229.190.211 with HTTP; Tue, 30 Aug 2011 07:58:22 -0700 (PDT)
X-Originating-IP: [96.244.254.104]
In-Reply-To: <036F4DE5-2E91-4946-87E2-F3258038E511@checkpoint.com>
References: <20110825073046.30318.5618.idtracker@ietfa.amsl.com> <036F4DE5-2E91-4946-87E2-F3258038E511@checkpoint.com>
Date: Tue, 30 Aug 2011 10:58:22 -0400
Message-ID: <CADKevbAoC=p+bxLb9HWVrrV3ybfkHUPDUMzS4ZLYo=0vopz4ww@mail.gmail.com>
From: Chris Richardson <chris@randomnonce.org>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: "tls@ietf.org List" <tls@ietf.org>
Subject: Re: [TLS] TLS and middleboxes again
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 14:56:57 -0000

If the middlebox is inserting KeyShareInfo records into the stream,
then it must modify the TCP sequence number on all future packets in
the handshake.  One cannot use a "dumb" middlebox that modifies the
handshakes and nothing more.

Perhaps an out-of-band keysharing mechanism would be better.

On Thu, Aug 25, 2011 at 3:39 AM, Yoav Nir <ynir@checkpoint.com> wrote:
> Hi all
>
> Several weeks ago, Dave McGrew submitted a draft for improving the workings of TLS proxies. As expected, this generated a lot of controversy, with some people saying that they'd rather hand over the session keys to the middlebox than to standardize a MitM attack.
>
> I was on the other side of that debate, but one problem with comparing the two alternatives is that for proxies there are several commercial products and Dave's draft, while there's nothing for key sharing. To remedy that, and help the discussion along, I've submitted the below draft. Comments and additional controversy are very welcome.
>
> Yoav
>
> Begin forwarded message:
>
>> From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
>> Date: August 25, 2011 10:30:46 AM GMT+03:00
>> To: "i-d-announce@ietf.org" <i-d-announce@ietf.org>
>> Subject: I-D Action: draft-nir-tls-keyshare-00.txt
>> Reply-To: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>       Title           : A Method for Sharing Record Protocol Keys with a Middlebox in TLS
>>       Author(s)       : Yoav Nir
>>       Filename        : draft-nir-tls-keyshare-00.txt
>>       Pages           : 11
>>       Date            : 2011-08-25
>>
>>   This document contains a straw man proposal for a method for sharing
>>   symmetric session keys between a TLS client and a middlebox, so that
>>   the middlebox can decrypt the TLS-protected traffic.
>>
>>   This method is an alternative to the middlebox becoming a proxy.
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-nir-tls-keyshare-00.txt
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>