Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

Watson Ladd <watsonbladd@gmail.com> Mon, 17 July 2017 16:55 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 17 Jul 2017 09:55:16 -0700
Message-ID: <CACsn0cmmrGd1Q4-GmbJ2VNXUUgKyX18_MsBQmuA2e86bPcLxMQ@mail.gmail.com>
To: Roland Dobbins <rdobbins@arbor.net>
Cc: Simon Friedberger <simon.tls@a-oben.org>, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yLcbVhrR8uk17v0mIoH_8g1Ckis>
Subject: Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

On Jul 17, 2017 9:48 AM, "Roland Dobbins" <rdobbins@arbor.net> wrote:


> On 17 Jul 2017, at 18:40, Simon Friedberger wrote:
>
>> I'm not sure the same considerations should apply to both those situations.
>
> Actually, they do, when you're on your network prior to the egress point -
> apologies for being unclear about that.
>
> Many enterprises force all outbound user-generated traffic through proxies,
> which then inspect TLS-wrapped traffic, blocking bad traffic (like data
> exfiltration) while then opening up proxy connections for legitimate
> traffic, FYI.
>
> Conversely, they do the same with inbound traffic in response to said
> user-generated traffic, and block things like malware downloads.


So FS has no impact on this, correct?


> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>

