Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Ted Lemon <mellon@fugue.com> Fri, 14 July 2017 19:15 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 421491316A8 for <tls@ietfa.amsl.com>; Fri, 14 Jul 2017 12:15:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 567SwoWSifci for <tls@ietfa.amsl.com>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17F41131690 for <tls@ietf.org>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
Received: by mail-pg0-x22b.google.com with SMTP id j186so49742961pge.2 for <tls@ietf.org>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UePewbRvoDVav4WwzV0ZHk0hkOLnxMEUDnjLP1Ws570=; b=OdWgTey1GIua+tFxFJ4AFEhAfw5LOsWClh11rv8OywEIqIlnUMVv349y1Zwr+L28mg Bu/7rh5yx3MQqkLFsk6WvfHFcWZWR+u0toTTsBk+QKOKys0QO7Z2tFnTInGq0lEj5O6E 5+WKq3zKF/Oh16j82eeMRhL8Hxl0NleR7dob6mh6OTsl+l3jBy6Z8PIm6+d8fHnb0UE3 giRQulvPyhfaKJVu5ZvtJs/cVcNW8qFE5W/wYn+DfkrV+OIIYsmIcPxUkBL5Qn3UN8D8 OPvWNb5Rbfx2O83NkRFeaka9fWX+Y20EN0r+l1zOAWsCYURs+kOTjLNccN5HiNWao9CQ dYXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UePewbRvoDVav4WwzV0ZHk0hkOLnxMEUDnjLP1Ws570=; b=R74h78v6/OUEb0dwRsd2lS2aqPVsFW7/2vA5YqiAk9uLxCvgz8O4G9NdAhZTpmUALV fWcfPVX9kN6cLk6Rac0uB2iDhnli7Oi8g5HhwXITTKnZvxBmHfdhpFFpiO4iDE0YO8td LQpYVbRbsTOndZ6XTv9TGgwsTn1HnCnzi1hHIQ2CdguV6wtS1b60AgtYx/xs6p86e1hD LhO/Kmupv+s9jk/HHOarBaKE8asBSfYQUMqpLsB5l23juTr4cHLWSOC/EKO/Qyc8gncP 1u/D2TckUBA0qoTCeBTZRCOZ6kwsZSfsPyUvT+tEK6mj2IncFomD4QTQLcL3hop9eaas Hv1w==
X-Gm-Message-State: AIVw110YbjryLmiz+j0Lzf2LOWu4V+ouwIIugxWxklwQSB+yvujmX83p FnxHLr64kBcfhh1KhLe/C8fGnAH9Blap
X-Received: by 10.99.105.4 with SMTP id e4mr16787315pgc.228.1500059720529; Fri, 14 Jul 2017 12:15:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.181.42 with HTTP; Fri, 14 Jul 2017 12:15:19 -0700 (PDT)
Received: by 10.100.181.42 with HTTP; Fri, 14 Jul 2017 12:15:19 -0700 (PDT)
In-Reply-To: <6AF150DF-D3C8-4A4A-9D56-617C56539A6E@arbor.net>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAOjisRxxN9QjCqmDpkBOsEhEc7XCpM9Hk9QSSAO65XDPNegy0w@mail.gmail.com> <CABtrr-XbJMYQ+FTQQiSw2gmDVjnpuhgJb3GTWXvLkNewwuJmUg@mail.gmail.com> <72BACCE6-CCB9-4DE9-84E6-0F942E8C7093@gmail.com> <a0a7b2ed-8017-9a54-fec0-6156c31bbbfa@nomountain.net> <6AF150DF-D3C8-4A4A-9D56-617C56539A6E@arbor.net>
From: Ted Lemon <mellon@fugue.com>
Date: Fri, 14 Jul 2017 21:15:19 +0200
Message-ID: <CAPt1N1mmg6d7WNcM=RecK4vbLvjoTQd4ND8iwtrp=cQzXsPAsw@mail.gmail.com>
To: Roland Dobbins <rdobbins@arbor.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c140dcec8cee905544bde94"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/z0zXhMGo2AEV5XMy_83_c2iZa5o>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jul 2017 19:15:23 -0000

It seems to me that all the use cases you just described require the
*client* to have a static key, since the client is the thing that the
operator controls. If the client uses an unknown key, is malware or
unauthorized.

On Jul 14, 2017 20:42, "Roland Dobbins" <rdobbins@arbor.net>; wrote:

> On 15 Jul 2017, at 1:01, Melinda Shore wrote:
>
> It might make sense to kick it over to ops for a discussion with people
>> whose meat and potatoes is monitoring, management, and
>> measurement.
>>
>
> As someone who is ops-focused, I think this is an excellent suggestion!
>
> There have been several assertions posted to the list recently regarding
> various aspects of security and their intersection with encryption.  It may
> be useful to take a moment and clarify a few of them.
>
> With regards to DDoS mitigation as it relates to encrypted attack traffic,
> only a subset of attacks in a subset of situations can actually be
> adequately mitigated without full visibility into (and often the ability to
> interact with) the traffic within the cryptostream.  There are various ways
> to approach this issue, including full session termination and
> 'transparent' detection/classification, the latter of which isn't of course
> feasible in a PFS scenario.  Each of these general approaches has its
> advantages and drawbacks.
>
> Very specifically, fingerprints of encrypted streams are not in fact
> adequate for DDoS defense; again, they're only useful for a subset of
> attack types in a subset of situations.
>
> In the case of detecting and classifying hostile activity within a given
> network - which isn't limited to malware spreading, but includes data
> extraction, attempts at unauthorized access, attempts at subverting
> additional devices, et. al. - the same basic caveats apply.  It is not in
> fact possible to adequately detect and classify all, or even a large
> subset, of hostile network traffic without visibility into the
> cryptostream.  There are some gross behaviors which can be
> detected/classified whilst standing outside the tunnel, but assertions to
> the effect that all or most of what's required in this arena is possible
> without visibility (one way or another) into the relevant encrypted traffic
> are incorrect.
>
> It's also important to understand that inserting proxies into multiple
> points of a network topology is not cost-free, nor an unalloyed good.  It
> is impractical in many circumstances, and has highly unwelcome side-effects
> in many more, including a negative impact on reliability, performance, and
> availability, as well as broadening the potential attack surface.  Endpoint
> monitoring does not scale well, is often impossible to implement due to
> both technical and administrative challenges - and one can't really trust
> endpoints to self-report, anyways, as they can be subverted.
>
> In many scenarios, one form or another of network-based visibility into
> encrypted traffic streams within the span of administrative control of a
> single organization is legitimate, vital and necessary.  It is not
> 'wiretapping', any more than tools such as tcpdump or telemetry formats
> such as IPFIX and PSAMP can be categorized as 'wiretapping'.  The fact is,
> the availability, confidentiality, and integrity of systems, applications,
> and networks that everyone on this list relies upon is highly dependent
> upon the ability of organizations to have visibility into encrypted traffic
> streams within their own networks, for purposes of security as well as
> testing and troubleshooting.
>
> How this can be accomplished is a matter for further discussion.  But it's
> important that everyone focused on this topic understands that it is simply
> not possible to successfully defend against many forms of DDoS attacks nor
> to detect and classify hostile network traffic in the context of encrypted
> communications without visibility into the traffic in question, via some
> mechanism.  The same goes for troubleshooting complex problems.
>
> Those with operational experience at scale will likely recognize and
> acknowledge the difficulties and challenges noted above; others may wish to
> consider these factors and their impact on the operational community and
> the networks, services, and applications for which they are responsible,
> and upon which we all depend, every day.
>
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>;
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>