Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Mon, Mar 19, 2018 at 02:33:52PM +0100, Nikos Mavrogiannopoulos wrote: > On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote: > > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote: > > > > > > > > If you want to use PSK with some level of privacy, you might adopt > > > a >

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Mon, Mar 19, 2018 at 05:00:51PM +0100, Hubert Kario wrote: > On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote: > > After discussion with the chairs and the AD, I have opted to just add a > > section > > that explains the attack. I just merged that (but managed not to get it > > into

Re: [TLS] Breaking into TLS to protect customers

On Mon, Mar 19, 2018 at 9:23 AM, Yoav Nir wrote: [snip] > > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor > wrote: > > So if this technology were deployed on a network where not all parties > > are mutually trusting, it would offer network users a

Re: [TLS] Breaking into TLS to protect customers

* It's difficult to speculate here about the potential impact, but isn't another possibility that it would legitimize a mass-market of such products, particularly if such capabilities were introduced into clients and browsers? That is definitely a goal. The people who are in favor of this,

Re: [TLS] Breaking into TLS to protect customers

On Mon, Mar 19, 2018 at 12:22:48PM -0400, Ryan Sleevi wrote: > On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh > wrote: > > > 2/ clients and browsers could easily consider such sessions insecure by > > default. This would mean that adopters would have to deploy

Re: [TLS] Breaking into TLS to protect customers

On Mon, Mar 19, 2018 at 01:23:30PM +, Yoav Nir wrote: > Hi, Daniel > > Inline... > > > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote: > > > > > > So if this technology were deployed on a network where not all parties > > are mutually trusting, it would offer

Re: [TLS] Breaking into TLS to protect customers

On Mon, Mar 19, 2018 at 10:20 AM, Colm MacCárthaigh wrote: > 2/ clients and browsers could easily consider such sessions insecure by > default. This would mean that adopters would have to deploy configurations > and mechanisms to enable this functionality, similar to - but

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Sunday, 18 March 2018 16:27:34 CET Eric Rescorla wrote: > After discussion with the chairs and the AD, I have opted to just add a > section > that explains the attack. I just merged that (but managed not to get it > into -27 > due to fumble fingering). If there is no consensus on the

Re: [TLS] Breaking into TLS to protect customers

Commenting purely on the straw-man proposal: How would passive tools get to the new message if it is sent before the TLS 1.3 server Finished, given that the handshake is already encrypted by that point? You could send it as plaintext before client Finished, but that changes the properties of

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

Dear TLS WG, Enterprise "visibility" is a network issue, not an Internet issue, and thus, to my _limited_ understanding, should be out of scope of IETF. Nonetheless, enterprise security is important, and enterprise networks use Internet technology internally, so the topic is perhaps still

Re: [TLS] Breaking into TLS to protect customers

It's true that breaking open cleartext runs counter to the mission of end-to-end TLS, but it also seems like operators are going to do it if they can. Whether by staying on plain RSA, using static-DH, MITM through installing a private trusted CA, or exporting session secrets, they can certainly do

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Mon, Mar 19, 2018 at 1:33 PM, Nikos Mavrogiannopoulos wrote: > On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote: > > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote: > > > > > > > > > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote: > > > > On Thu, Mar 15,

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Fri, 2018-03-16 at 14:45 -0500, Benjamin Kaduk wrote: > On Fri, Mar 16, 2018 at 09:11:32AM -0400, Christian Huitema wrote: > > > > > > On 3/15/2018 5:51 PM, Benjamin Kaduk wrote: > > > On Thu, Mar 15, 2018 at 12:25:38PM +0100, Hubert Kario wrote: > > > ... > > > > we do not have a reliable

Re: [TLS] Breaking into TLS to protect customers

Hi, Daniel Inline... > On 19 Mar 2018, at 7:32, Daniel Kahn Gillmor wrote: > > On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote: >>> >>> I fail to see how the current draft can be used to

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Mon, Mar 19, 2018 at 6:38 AM, Daniel Kahn Gillmor wrote: > On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote: > >> The devices that might use external PSKs will likely be unavoidably >> fingerprinted by source IP address and the target mothership. > > I'm not

Re: [TLS] Breaking into TLS to protect customers

+1 On Mon, Mar 19, 2018 at 3:32 AM, Daniel Kahn Gillmor wrote: > On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >>> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote: >>> >>> I fail to see how the current draft can be used to provide visibility

Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote: > The devices that might use external PSKs will likely be unavoidably > fingerprinted by source IP address and the target mothership. I'm not convinced that this is the case -- it's not at all clear that IoT devices will be attached to a

Re: [TLS] Breaking into TLS to protect customers

On Thu 2018-03-15 20:10:46 +0200, Yoav Nir wrote: >> On 15 Mar 2018, at 10:53, Ion Larranaga Azcue wrote: >> >> I fail to see how the current draft can be used to provide visibility >> to an IPS system in order to detect bots that are inside the bank… >> >> On the one hand,

Re: [TLS] Breaking into TLS to protect customers

Hi Darin, > On 18 Mar 2018, at 16:09, Darin Pettis wrote: > > pushing this to another technology or WG isn't going to solve the current > problem in time. In time for what? Mat ___ TLS mailing list TLS@ietf.org