Re: [TLS] Industry Concerns about TLS 1.3

[BITS Security <BITSSecurity@fsroundtable.org>]

Bill--We believe it isn't a binary choice between maximizing public Internet security and minimizing enterprise risk.  I am not advocating for a particular solution but if social media chooses to use PFS only that is fine with us and likely we would use PFS is many public Internet situations as well.  

That said, at least one of the sites you mentioned was known to have an APT inside their perimeter (Operation Aurora) for about a month and part of the tactics within that attack which was publicly reported was the use of "SSL" to mask C&C communications.  That's the type of threat we are concerned about inside of the enterprise network and we need visibility (and flexibility appropriate to our network design and risk tolerance) to solve for these issues in way that protects people like the ones you mentioned.  

End-point monitoring while useful has a lot of limitations:  logging issues, often can't meet packet capture requirements, etc.  We are not against end-point monitoring and do consider it a tool in the toolkit but it simply can't adequately replace robust network security monitoring tools.  

- Andrew 



-----Original Message-----
From: Bill Frantz [mailto:frantz@pwpconsult.com] 
Sent: Friday, September 23, 2016 9:31 PM
To: BITS Security <BITSSecurity@fsroundtable.org>
Cc: tls@ietf.org
Subject: Re: [TLS] Industry Concerns about TLS 1.3

On 9/23/16 at 2:24 PM, BITSSecurity@fsroundtable.org (BITS
Security) wrote:

>But general-purpose messaging services (and other collaboration
>services) which don’t have an explicit man-in-the-middle (and don’t 
>permit server-side access to user plaintext and can’t be observed by 
>other means) can’t be used in supervised environments. This rules out 
>many cloud-hosted services today.

I see a train wreck coming and it looks like this:

The public internet, Google, Cloud services, Facebook, Twitter, etc. etc. move in the direction of improving security using things like PFS, because the idea of protecting human rights advocates in the parts of the world where people are routinely tortured sells well to the general public, people like me, and others on this list.

On the other hand, some major enterprises continue to depend on being able to break the security of their employees to monitor their networks in ways that the bad guys can easily use, as opposed to installing endpoint or gateway monitoring.

This train wreck results in fewer and fewer public internet services being available to users within these enterprises. 
Eventually, employees give up on the corporate network and start using their cell phones to communicate with customers, research investments etc., completely bypassing the regulatory required monitoring.

This scenario says it doesn't matter whether TLS 1.3 and successors allows RSA. If they have any PFS modes, these will be the only ones public internet servers will accept. If they are turned off in enterprise clients, they will not be able to connect without going through a gateway which turns them on.

My conclusion is that enterprises that depend on being able to decrypt traffic without involving the endpoints should start moving to systems that do involve the endpoints.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 
Englewood Ave
www.pwpconsult.com |  - Ken Widelitz K6LA / VY2TT | Los Gatos, CA 95032