Re: [Uta] Kathleen Moriarty's Discuss on draft-ietf-uta-tls-attacks-04: (with DISCUSS)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 14 October 2014 14:22 UTC

To: Aaron Zauner <azet@azet.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/UqIpYlI4KvRdFAtsfbGVRz-rxjM
Cc: uta-chairs@tools.ietf.org, uta@ietf.org, Ralph Holz <ralph.ietf@gmail.com>, Alyssa Rowan <akr@akr.io>, Yaron Sheffer <yaronf.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-uta-tls-attacks@tools.ietf.org

On Tue, Oct 14, 2014 at 9:56 AM, Aaron Zauner <azet@azet.org> wrote:

> * Alyssa Rowan <akr@akr.io> [141014 14:39]:
> > On 14 October 2014 12:59:48 BST, Ralph Holz <ralph.ietf@gmail.com> wrote:
> >
> > >On the second point - I am not quite so sure we should call it an
> > >attack.
> > >In my experience, there are quite a few companies that use these boxes
> > >for entirely legitimate reasons -
> >
> > Quite a few nation state attackers that have actually deployed them
> > widely would no doubt argue their use is also legitimate, likely for the
> > prevention of terror, disharmony, and other bogeymen.
> >
> > Regardless of the intentions behind their use, MITM proxies do subvert
> > the security properties of TLS as designed and deployed, and are thus
> > correctly regarded as an attack in the general sense. I think it should
> > absolutely be described as such.
>
> +1.
>
> >
> > >especially in the context of industrial espionage.
> >
> > TLS interception proxies are indeed useful in that context: they present
> > an extraordinarily attractive vector for an attacker, especially when a
> > target has willingly deployed one and expects to see it in normal use.
> >
> > I contend that they are not as useful for counter-espionage as some may
> > think, especially given the additional threat they pose. Informed,
> > consenting people could instead grant permissions on the endpoints to
> > someone wishing to audit traffic (such as an antivirus utility), and this
> > is the best place to perform scans as presumably legitimate users have
> > legitimate admin rights and this does not affect the design or deployment
> > of TLS.
> >
> > Also of course in most deployments, both ends have not provided consent,
> > which is worth bearing in mind in some contexts.
> >
> > Anyone who's deployed one of these TLS interception middleboxes should
> > perhaps take the opportunity to re-examine and test their assumptions about
> > their usefulness, necessity, and their security. I would probably recommend
> > they SHOULD NOT be used - there may be a valid reason in a specific
> > deployment, but the risks should be weighed up and normally I feel this
> > introduces more risk than it eliminates. To the extent it is accepted
> > practice, I feel that is a problem.
>
> The whole discussion is somewhat political - I don't like to go into
> that kind of stuff on technical mailing lists; but: it escalated
> after 9/11, most of us will agree on that. I'm not just talking
> about the US of A. There has been a global policy shift. In central
> Europe privacy for snailmail and banking was taken for granted e.g.
> a century ago by the general populace. And the arguments politicians
> and lobbyists constantly bring up are simply bullshit. Successful
> police work or counter-intelligence is possible without ANY use of
> modern technology. There's literature en masse on that subject. Some
> intelligence agencies [0] even declassified their work on these
> subjects during - for example - the cold war. The same holds true
> for corporate espionage, controlling and so forth. I just do not see
> a valid point in subverting security/privacy protocols for the sake
> of policy and politics.
>

Thanks for the discussion on this (more is welcome, I'm not trying to stop
the flow). I'm glad to see there is interest to cover the two intercept
methods described in my discuss as well as the discussion on them. I think
the important part for the middle box example is the warning/notification
to the user in a clear way so they are empowered to make a decision. In some
corporate environments, the security staff is more advanced and has taken
the time to outright block some access that would be encrypted (webmail
sites for instance - fine, that's their right to do that to prevent
viruses, etc.); they have also set up rules so that certain connections do
not go through the TLS proxy (financial sites). Then there are users like
each of us, who know what the errors mean and can choose to not go to a site
if we think our privacy could be impacted in some way. This doesn't need
to be described in the draft of course and I'm fine with consensus of the
WG, but would just like to see a clear warning to the user as a best
practice, independent of whether or not it is listed as an 'attack'.

Thanks.

>
> But that's just my opinion,
> Aaron
>
>
> [0] -
> https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications
>       (there's actually a lot more information on that subject out
>        there but I'm convinced that you all know how to use google)
>



-- 

Best regards,
Kathleen