[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate

To: "Blumenthal, Uri" <uri.blumenthal@xxxxxxxxx>, <tls@xxxxxxxx>
Subject: RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
From: Peter Williams <home_pw@xxxxxxx>
Date: Sun, 19 Nov 2006 13:45:53 -0800
Cc:
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>

FINANCIAL DATA PROTECTION caveat , in INTEL null confidentiality scheme

Im going to assume that Intel is only sponsoring this for "quality" PSK environments.. perhaps by supporting integration with TPM cores in Intel CPUs, which support external key fill, and thus support PSK by providing hardware-based external key management for TLS-PSK-based confidentiality services.

Perhaps, we can cut a deal. Change the text in the draft, security sections.

There is a example disclaimer...which says something like "be advised: dont use this technique for sensitive information exchange. E.g. passwords".

Change the example list to include specific financial account types: i) creditcard numbers, ii) bankaccount numbers, or iii) other Personal Identifying Financial Information

As it stands, the goals of Intel as stated in the email (presumably addressing a few repressive regimes that want confidentiality - for any purpose - to be lowered to less than 40bit encryption (despite 40 bit encryption being shown even 10 years ago to be compromised in 3h, using a bit of brute-forcing commodity equipment!) ) is not compatible with the security section - which indicates that the technique is not appropriate for "sensitive information exchange". That incongruity aside, we can address my objection by listing - as inappropirate - those financial data -related account data types that I enumerate.

Deal?

s
Subject: RE: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Date: Sun, 19 Nov 2006 11:32:51 -0500
From: uri.blumenthal@xxxxxxxxx
To: home_pw@xxxxxxx; tls@xxxxxxxx

Peter,

Whether you like it or not, but (a) there are applications that are OK with authentication/integrity only, and more importantly (b) some legistations and domains forbid encrypted channels, period. To address this reality, authentication-only TLS protocol suites are introduced. Their applicability is clear and limited - exactly as explicitly specified in the document.

Political balance and issues should be brought to US Congress and corresponding foreign bodies.

P.S. Perhaps it is worth to ensure that GUI unambiguously differentiates between encrypted and authenticated-only channel. If so, I bet you that Firefox will be there before MS IE. :-)

From: Peter Williams [mailto:home_pw@xxxxxxx]
Sent: Saturday, November 18, 2006 9:13 PM
To: tls@xxxxxxxx
Subject: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate

I'm EXTREMELY worried socially about an IAB-endorsement of the null encryption ciphersuite for TLS. Whilst I recognize its value, on the stated merits, I think we need a political balance addressing issues beyond IETF's scope. Too many consumers are potentially going to be duped by the millions of well-meant but potentially incorrect e-commerce website representations which today affirm that "SSL protects your credit-card data (via encryption etc)". With the use of endorsed null encryption ciphersuites in TLS/SSL, that is obviously not true (in any way grandma would understand). The average consumer is trained to assume "SSL" (or TLS) protects your from obvious criminal activities, concerning pilfering credit card numbers. IAB activities that destroy the brand name of SSL is something which is not worth the value of endorsing the null-encryption ciphersuite, in my own view.

Perhaps the right balance for IAB/IESG is to to require that the https RFC be simultaneously modified so that it makes it NON-CONFORMING for SSL/TLS in the https context to ever use the null encryption ciphersuites. Other URL protocols can be registered with IANA that don't confuse consumers (e.g. httpnos://1.1.1.1.6.5.4.2.0.2.enum.att.com/), which can even behave exactly as https v.10 otherwise does, but allowing for a conforming use of the null-encryption cipher suite.

Peter

From: home_pw@xxxxxxx
To: tls@xxxxxxxx
Subject: RE: [TLS] IETF67 TLS Summary
Date: Sat, 18 Nov 2006 09:53:44 -0800
CC:

Express yourself with gadgets on Windows Live Spaces Try it!

Search from any Web page with powerful protection. Get the FREE Windows Live Toolbar Today! Try it now!

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
  - From: EKR

Prev by Date: [TLS] DH_anon
Next by Date: Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Previous by thread: [TLS] DH_anon
Next by thread: Re: [TLS] comment on null encryption ciphersuite; https RFC amendment ...to compensate
Index(es):
- Date
- Thread