W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2013

Re: Comments on Explicit/Trusted Proxy

From: Roberto Peon <grmocg@gmail.com>
Date: Sat, 4 May 2013 14:00:37 -0700
Message-ID: <CAP+FsNdcbAzeygCXPi-jQOST-n7jpu2Z_Lnu_DOeF_Ux1zD7Sw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
Agreed, agreed, ditto :)
-=R
On May 4, 2013 11:35 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
wrote:

>
>
> On 05/04/2013 04:30 PM, Roberto Peon wrote:
> > Ugh. The last part of the email means that you are being deliberately
> > insulting. This is, in the long-run, rarely effective.
>
> No, I'm not insulting anyone nor trying to. I am describing
> the purported requirements here as mainly-bogus which is
> pejorative but entirely different and is IMO justified. I
> think emphasis on the bogosity of the purported requirements
> is deserved.
>
> I won't respond blow by blow because I think we're talking
> at cross purposes as I wasn't commenting specifically about
> your draft but about the entire set of proposals for MITMing
> TLS. But to address your points:
>
> - My approach is not ideological at all, but based solely
> on good engineering and security practices.
>
> - Possible government mandated MITM attacks on IETF protocols
> were a major factor in why we ended up with RFC2804. I suggest
> that's required reading for people proposing work on this
> topic.
>
> - We are not talking about privacy at all here but about
> confidentiality. Confusing those, in this context, is a
> bad idea.
>
> - Yes, I do believe that MITM is happening in enterprises,
> that we should not standardise it because of the bad
> outcomes I mentioned in my mail and that we should try
> use whatever mechanisms we can to make it detectable
> (e.g. pinning or certificate transparency). The reason
> for all that is not ideological but because it is an
> attack on the protocol.
>
> I also think we can leave the discussion at this point,
> given that there is no WG chartered for this. At least
> I'm happy to leave it there.
>
> S.
>
>
> > responses inline.
> >
> > On Sat, May 4, 2013 at 3:29 AM, Stephen Farrell
> > <stephen.farrell@cs.tcd.ie>wrote:
> >
> >>
> >> On 05/03/2013 11:52 PM, Adrien W. de Croy wrote:
> >>>
> >>> sorry I should have been more clear, my questions weren't in the
> context
> >>> of your proposal, but in the context of what the current situation is,
> >>> and mostly in response to Stephen's comments.
> >>>
> >>> Concerns were raised about creating a requirement for servers to
> >>> authenticate proxies.
> >>
> >> Not quite. If one did accept the mainly-bogus arguments for
> >> MITMing TLS (and I clearly don't:-), and you want any level
> >> of security at all, you need a secure N-party protocol instead
> >> of TLS or to change HTTP significantly and use multiple but
> >> linked TLS sessions. I don't know of any real solution for
> >> these mainly-bogus requirements that does not involve web
> >> servers being able to authenticate every possible proxy in
> >> either case. Being able to do that is just not practical IMO.
> >>
> >
> > You can state this without being pejorative, in which case I might agree.
> >
> > There are two suppositions in the draft:
> >
> > 1) MITM may be unavoidable in the long-term, in which case the lesser of
> > evils is to have a MITM which is detectable and which is prevented from
> > modifying or falsifying information.
> >
> > 2) It may be interesting to have a connection to a proxy which is
> > point-to-point private, and which allows the proxy to perform caching
> > duties as it might with HTTP, but with guarantees that the content it
> > serves is unmodified.
> >
> > I'm assuming you conflate the motivation for #1 with the rest of
> everything
> > and have an adverse ideological reaction.
> > I don't particularly like it either, but that (that
> > coporations/organizations/gov't entities, etc. will be forcing
> > unconstrained MITM by various means) was the supposition. If it is in
> > general false, *good*. If it is true, then choose some lesser of evils,
> and
> > discuss it. A discussion about whether such a mechanism would hasten the
> > creation of such a world is also interesting and valid. Being a
> pragmatist,
> > I see that ideology is useful until it isn't. I also know that there are
> > companies and organizations which *DO* do SSL MITM by installing and
> > configuring root certs, etc. and there is currently no protection
> guarantee
> > to users traversing such.
> >
> >
> >
> >> The problem with claims that you don't need the ability
> >> for any web server to authenticate any proxy is that that
> >> would allow any middle-box to join any TLS session which
> >> would mean that TLS confidentiality would be a thing of the
> >> past. That'd be a hugely bad outcome.
> >>
> >
> > You are either misinterpreting or falsifying here.
> >
> > The mechanism specified in the draft requires at least three TLS sessions
> > which interplay, and possibly 4.
> >
> > 1) client<-> proxy   for point-to-point privacy
> > 2) proxy <-> server for point-to-point privacy
> > 3) client (tunneled through the proxy) <-> server for end-to-end privacy
> > and authentication
> > 4) client (tunneled through the proxy, null-cipher or similar used,
> > integrity key NOT exposed) <-> server for end-to-end integrity while
> > allowing the proxy to examine/delay/drop and provide policy to the client
> > or server outside of the tunnel
> >
> > In other words, the only way to don't also have a full TLS session (which
> > simply happens to be tunneled) with full authentication and encryption is
> > when you explicitly give this up by configuring it manually (like what
> one
> > does today).
> >
> > In other words it is always the client's choice to do #4, and doing so
> does
> > require an explicit configuration by said client.
> > It is also stated that this trust relationship is likely problematic in
> the
> > public case, which is why I didn't provide for any mechanism for
> > automatically configuring such, and I called out that that part is
> > potentially problematic and needs further consideration.
> >
> >
> > None of the trust things are problematic in the caching case-- automatic
> > configuration would be fine there, but I didn't go into it because I
> didn't
> > want that part conflated with the much more worrisome aspects. It is fine
> > because if something is cached (at an intermediary) it is public
> > information, and all we care about in that case is that the integrity of
> > the item is intact.
> > The draft's scheme for caching does provide a potential privacy benefit
> > there as well, however-- since one may now speak with a caching proxy
> over
> > a channel which is point-to-point private, it is more difficult to see
> what
> > (public) resources the client is requesting.
> >
> >
> >> Requiring that web-sites can and will go through all the
> >> URLs they serve and decide which are ok to MITM and which
> >> are not also seems bogus to me. That'd either result in
> >> failure to establish many many TLS sessions because we'd
> >> have invented a bogus-standard that more or less forced
> >> proxies and web servers to choose non-interoperable options
> >> or else would mean that many many TLS sessions were MITMable
> >> through web-server admin inaction. Again both are hugely
> >> bad outcomes.
> >>
> >>
> > Do you write or maintain servers that serve commercial traffic?
> > It doesn't sound that way.
> >
> > In any case, as a larger problem, you're arguing from both ends and
> somehow
> > not meeting in the middle.
> >
> > You're seem to be asserting that MITM proxies are bad and won't happen
> > (i.e. you dispute the premise behind #1), but then you're also asserting
> > that when they do happen, that servers should completely ignore it and
> > happily serve content through servers which are unauthenticated to the
> > user, unknown to the user, and unknown to the server.
> >
> > So, which is it?
> > Do you believe that MITM is not happening and never will?
> > Or do you believe that MITM will happen, and if so that clients and
> servers
> > should be blind to it, and should accept mutated data without comment or
> > reaction?
> >
> >
> >
> >> Oh, and I've left out the fact that there are many non-web
> >> uses for TLS any of which could be screwed if we standardised
> >> a way to MITM TLS designed to satisfy mainly-bogus HTTP proxy
> >> driven requirements. I don't see any of the proponents of these
> >> mainly-bogus requirements doing the security analysis of the
> >> impact their mainly-bogus solutions would have on those other
> >> protocols. Hey - there's likely another hugely bad outcome
> >> or 10.
> >>
> >
> > The draft was submitted to the HTTP working group to help with HTTP's
> > particular requirement set, and as a response to the fact that, while
> > encrypting point-to-point communications allows for protocol evolution,
> it
> > makes caching difficult, and also as a real-world result of dealing with
> > schools and other entities which have legal or perceived moral reasons
> for
> > enforcing policies on communications.
> >
> > In other words, problems faced because I do have to serve clients.
> >
> > The scheme specified in the draft requires no change to TLS's mechanisms,
> > though the considered and informed input of security experts on the
> content
> > of the draft is hopefully useful.
> >
> >
> >> The answer about what to do here is obvious to anyone who
> >> cares about security and BCP61 says the IETF does. What to
> >> do here is: don't break TLS.
> >>
> >>> My questions were about how does a server know it's a proxy, so how can
> >>> a client be trusted more, and therefore how is a proxy less
> trustworthy.
> >>
> >> From any rational web server perspective, no forward proxy is
> >> "trustworthy" (terrible term to use btw, it means nothing as
> >> used above).
> >>
> >
> > That is precisely the point!
> >
> > Some resources are too sensitive to allow through any non
> client-controlled
> > proxy. Only the server has any reasonable potential of knowing which
> these
> > are, and it *should not* trust the proxy in such cases.
> >
> >
> >>
> >> If a web server cares, it can add an account for the user
> >> (not UA) and the UA is (sort of) under the control of that
> >> user according to our host-based security models. Proxies
> >> are just unknowns.
> >>
> >
> >
> > How would this work w.r.t proxies?
> >
> >  -=R
> >
> >>
> >> Stephen.
> >>
> >> PS: Yes, the above uses pejorative language. Apologies for
> >> that, but yes, it is deliberate;-)
> >>
> >>
> >>> HTTP auth only covers one small part of the picture, and doesn't lock a
> >>> proxy out of the conversation, only out of the authentication.  The
> >>> proxy can still modify anything else about the requests.
> >>>
> >>> Regards
> >>>
> >>> Adrien
> >>>
> >>>
> >>> ------ Original Message ------
> >>> From: "Roberto Peon" <grmocg@gmail.com>
> >>> To: "Adrien W. de Croy" <adrien@qbik.com>
> >>> Cc: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>; "HTTP Working
> Group"
> >>> <ietf-http-wg@w3.org>
> >>> Sent: 4/05/2013 9:07:44 a.m.
> >>> Subject: Re: Comments on Explicit/Trusted Proxy
> >>>> The client has no need to do TLS in TLS and wouldn't do it by default.
> >>>> The proxy has no choice but to do TLS in TLS (since that is what the
> >>>> client sends it), and, since it doesn't have the integrity keys, it
> >>>> can't change the data, etc. without detection by the client or server.
> >>>>
> >>>> So, if the server receives a stream which indicates that it is doing
> >>>> TLS, it knows this should be treated as having come through a proxy.
> >>>>
> >>>> -=R
> >>>>
> >>>>
> >>>> On Fri, May 3, 2013 at 1:27 PM, Adrien W. de Croy <adrien@qbik.com>
> >>>> wrote:
> >>>>>
> >>>>> my next question, is how can the server tell the difference between a
> >>>>> proxy and a client?
> >>>>>
> >>>>>
> >>>>> ------ Original Message ------
> >>>>> From: "Roberto Peon" <grmocg@gmail.com>
> >>>>> To: "Adrien W. de Croy" <adrien@qbik.com>
> >>>>> Cc: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>; "HTTP Working
> >>>>> Group" <ietf-http-wg@w3.org>
> >>>>> Sent: 4/05/2013 4:23:10 a.m.
> >>>>> Subject: Re: Comments on Explicit/Trusted Proxy
> >>>>>>
> >>>>>> A proxy can represent the interests of a 3rd party which has nothing
> >>>>>> to do with the client or server. The motivations of this 3rd party
> >>>>>> may not be known, and are often enough antithetical to the wishes of
> >>>>>> the client or server.
> >>>>>>
> >>>>>> The motivation of the client is more likely known-- they simply want
> >>>>>> the content the server is providing, without allowing it to be
> >>>>>> modified in ways which make for a poor experience (not just that
> >>>>>> page load, but overall, including things like not having their bank
> >>>>>> account mysteriously go to zero).
> >>>>>>
> >>>>>> -=R
> >>>>>>
> >>>>>>
> >>>>>> On Fri, May 3, 2013 at 4:16 AM, Adrien W. de Croy <adrien@qbik.com>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> As far as a server is concerned, why would a client be any more
> >>>>>>> trustable than a proxy?
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Adrien
> >>>>>>>
> >>>>>>> ------ Original Message ------
> >>>>>>> From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
> >>>>>>> To: "HTTP Working Group" <ietf-http-wg@w3.org>
> >>>>>>> Sent: 3/05/2013 8:16:33 p.m.
> >>>>>>> Subject: Re: Comments on Explicit/Trusted Proxy
> >>>>>>>>
> >>>>>>>> The contrast between this arm-waving nonsense and the precision
> >>>>>>>> with which this wg are tackling HTTP/2.0 performance is frankly
> >>>>>>>> astounding.
> >>>>>>>>
> >>>>>>>> Every web site in the world (and all the non-HTTP uses of TLS)
> >>>>>>>> are supposed to be able to authenticate every proxy in the world
> >>>>>>>> and know when its ok for a particular set of proxies to MITM an
> >>>>>>>> TLS session? That's just BS.
> >>>>>>>>
> >>>>>>>> Note, I'm not specifically directing this at Roberto - I mean
> >>>>>>>> the entire discussion rests on BS notions like the above.
> >>>>>>>>
> >>>>>>>> S.
> >>>>>>>>
> >>>>>>>> On 05/03/2013 01:53 AM, Roberto Peon wrote:
> >>>>>>>>>  The scheme allows for injection of bytes, but not within any of
> >>>>>>>>> the secure
> >>>>>>>>>  tunnels. Instead, the proxy's bytes are clearly demarqued as
> >>>>>>>>> different.
> >>>>>>>>>
> >>>>>>>>>  The idea here is that the client or server should always know
> >>>>>>>>> when the
> >>>>>>>>>  proxy has changed bytes, and it shouldn't, though it may inject
> >>>>>>>>>  bytes/requests/whatever in either direction.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>  Sure, a client cert is one way of authenticating to the server.
> >>>>>>>>> I didn't go
> >>>>>>>>>  into that much detail, but rather pointed out that the scheme
> >>>>>>>>> proposed in
> >>>>>>>>>  that doc, that servers may decide they don't want to service
> >>>>>>>>> queries from
> >>>>>>>>>  (some) proxies, and direct the client to either try directly, or
> >>>>>>>>> allow the
> >>>>>>>>>  request to fail.
> >>>>>>>>>
> >>>>>>>>>  -=R
> >>>>>>>>>
> >>>>>>>>>  On Thu, May 2, 2013 at 5:48 PM, Adrien W. de Croy
> >>>>>>>>> <adrien@qbik.com> wrote:
> >>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>  proxies need to be able to modify the bytes or at least inject
> >>>>>>>>>> messages
> >>>>>>>>>>  back to the client.
> >>>>>>>>>>
> >>>>>>>>>>  e.g.
> >>>>>>>>>>
> >>>>>>>>>>  * request denied by policy (e.g. you can't POST to that site
> >>>>>>>>>> due to DLP
> >>>>>>>>>>  rules)
> >>>>>>>>>>  * serving from cache
> >>>>>>>>>>  * ad stripping
> >>>>>>>>>>  * malware blocking
> >>>>>>>>>>  * etc etc etc
> >>>>>>>>>>
> >>>>>>>>>>  let alone stripping hop-by-hop headers etc
> >>>>>>>>>>
> >>>>>>>>>>  So I don't think anyone will bother with a scheme that doesn't
> >>>>>>>>>> allow for
> >>>>>>>>>>  that. If the only option of the intermediary is to delay or
> >>>>>>>>>> drop the
> >>>>>>>>>>  connection, the client is going to be in the dark as to why.
> >>>>>>>>>> Already the
> >>>>>>>>>>  user experience in this area is poor.
> >>>>>>>>>>
> >>>>>>>>>>  As for intercepting proxies. Whilst I agree they are a PITN,
> >>>>>>>>>> they are
> >>>>>>>>>>  strongly favoured by customers for several obvious reasons.
> >>>>>>>>>>
> >>>>>>>>>>  Until we can get a wide-spread mechanism deployed to securely
> >>>>>>>>>> FORCE
> >>>>>>>>>>  clients to use a proxy, we're going to see interception.
> >>>>>>>>>>
> >>>>>>>>>>  As for MITM. Whilst we continue to think of it as an attack, we
> >>>>>>>>>> will
> >>>>>>>>>>  continue to see resistance. It's clear some people see it only
> >>>>>>>>>> negatively,
> >>>>>>>>>>  where others see this as an opportunity to improve things
> >>>>>>>>>> compared to
> >>>>>>>>>>  current MITMs.
> >>>>>>>>>>
> >>>>>>>>>>  Personally I would rather know what is going on, than be in the
> >>>>>>>>>> dark and
> >>>>>>>>>>  be forced to swallow whatever I receive simply because I was
> >>>>>>>>>> forced (by
> >>>>>>>>>>  company policy) to install a root cert for the spoofed certs.
> >>>>>>>>>> Sites using
> >>>>>>>>>>  EV certs will show me what is going on if I know a site uses EV
> >>>>>>>>>> certs,
> >>>>>>>>>>  since the EV breaks on spoofed certs. Or I need to check the
> >>>>>>>>>> cert path on
> >>>>>>>>>>  any site to see if I can find the forced cert at the root. But
> >>>>>>>>>> that's me,
> >>>>>>>>>>  not everyday punters.
> >>>>>>>>>>
> >>>>>>>>>>  As for the server trusting the proxy. Why is that any different
> >>>>>>>>>> to the
> >>>>>>>>>>  server trusting the client. Use a client cert. Can always fall
> >>>>>>>>>> back to a
> >>>>>>>>>>  tunnel if the server indicates it needs a client cert.
> >>>>>>>>>> Currently there's
> >>>>>>>>>>  no way around this issue in today's MITM systems except for
> >>>>>>>>>> installing the
> >>>>>>>>>>  client cert on the proxy.
> >>>>>>>>>>
> >>>>>>>>>>  Adrien
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>  ------ Original Message ------
> >>>>>>>>>>  From: "Roberto Peon" <grmocg@gmail.com>
> >>>>>>>>>>  To: "Peter Lepeska" <bizzbyster@gmail.com>
> >>>>>>>>>>  Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
> >>>>>>>>>>  Sent: 3/05/2013 12:13:21 p.m.
> >>>>>>>>>>  Subject: Re: Comments on Explicit/Trusted Proxy
> >>>>>>>>>>
> >>>>>>>>>>   responses inline.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>   On Thu, Apr 25, 2013 at 1:38 PM, Peter Lepeska
> >>>>>>>>>> <bizzbyster@gmail.com>
> >>>>>>>>>>   wrote:
> >>>>>>>>>>
> >>>>>>>>>>>  Some comments on Roberto's doc:
> >>>>>>>>>>>
> >>>>>>>>>>>    In the case where the user-agent has been configured with
> >>>>>>>>>>> Chris as a
> >>>>>>>>>>>     trusted-proxy, either Anne's connect-stream MUST use either
> >>>>>>>>>>> a null-
> >>>>>>>>>>>     cipher, or Anne MUST provide the decryption key material to
> >>>>>>>>>>> Chris
> >>>>>>>>>>>     immediately after tunnel establishment, and before any data
> >>>>>>>>>>> traverses
> >>>>>>>>>>>     the tunnel.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>  This seems like a showstopper to me. Even if we can get past
> >>>>>>>>>>> the problems
> >>>>>>>>>>>  associated with a trusted proxy in general, I can't see
> >>>>>>>>>>> getting acceptance
> >>>>>>>>>>>  of any approach that involves sending a session key from one
> >>>>>>>>>>> machine to
> >>>>>>>>>>>  another. But why not just use two full SSL sessions like the
> >>>>>>>>>>> typical MITM
> >>>>>>>>>>>  proxy
> >>>>>>>>>>> (http://crypto.stanford.edu/ssl-mitm/orhttp://mitmproxy.org/)
> >>>>>>>>>>>  approach? But instead of forging certificates like they do,
> >>>>>>>>>>> just give the
> >>>>>>>>>>>  trusted proxy its own certificate and then display both the
> >>>>>>>>>>> trusted proxy
> >>>>>>>>>>>  certificate and the content server certificate in the browser
> >>>>>>>>>>> when the user
> >>>>>>>>>>>  wants info about the two point-to-point SSL sessions.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>  Using two connections may require two separate connections at
> >>>>>>>>>> the eventual
> >>>>>>>>>>  endpoint, and it contributes to bufferbloat.
> >>>>>>>>>>  Also, the proxy may wish to influence the private channel (e.g.
> >>>>>>>>>> don't talk
> >>>>>>>>>>  to site X). With connection sharing, this is
> >>>>>>>>>> difficult/impossible otherwise
> >>>>>>>>>>  (that other connection may not only go to example.com).
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>   "For the purpose of this document, it is assumed that the
> >>>>>>>>>>> user locates
> >>>>>>>>>>>
> >>>>>>>>>>>     a piece of paper upon a wall and reads it, typing these
> proxy
> >>>>>>>>>>>     settings into a configuration field for their user-agent.
> >>>>>>>>>>> This is
> >>>>>>>>>>>     obviously not the only possible configuration mechanism,
> >>>>>>>>>>> but it may,
> >>>>>>>>>>>     sadly, be the most secure. It is assumed that alternate
> >>>>>>>>>>> distribution
> >>>>>>>>>>>     techniques may be discussed.
> >>>>>>>>>>>
> >>>>>>>>>>>  "
> >>>>>>>>>>>
> >>>>>>>>>>>  While explicit proxy configuration may be the most secure, it
> >>>>>>>>>>> is very
> >>>>>>>>>>>  difficult to manage for mobile devices especially, as others
> >>>>>>>>>>> have mentioned
> >>>>>>>>>>>  on this list. Transparent interception is the more widely
> >>>>>>>>>>> adopted approach
> >>>>>>>>>>>  -- not because of security but because of stability and
> >>>>>>>>>>> manageability.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>  There is no secure automatic proxy configuration unless a
> >>>>>>>>>> completely
> >>>>>>>>>>  separate trust chain is somehow created and is reliable (or at
> >>>>>>>>>> least moreso
> >>>>>>>>>>  than what we have with TLS today).
> >>>>>>>>>>  Transparent proxying causes problems in upgrading the protocol
> >>>>>>>>>> as nobody
> >>>>>>>>>>  knows where the problem lies. If this wasn't such a painful
> >>>>>>>>>> point, we'd
> >>>>>>>>>>  have been using SPDY over port 80...
> >>>>>>>>>>  I'm fundamentally opposed to transparent proxying because it
> >> makes
> >>>>>>>>>>  protocol evolution next to impossible when you can't figure out
> >>>>>>>>>> who is
> >>>>>>>>>>  messing up...
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>   What about "transparent" proxies that advertise themselves?
> >>>>>>>>>>> Is it
> >>>>>>>>>>>  possible to use NPN (
> >>>>>>>>>>>  https://technotes.googlecode.com/git/nextprotoneg.html) to
> >>>>>>>>>>> advertise the
> >>>>>>>>>>>  presence of an intercepting proxy for 443 traffic? Then the
> >>>>>>>>>>> user can be
> >>>>>>>>>>>  notified that a proxy wants to be trusted for X reasons and
> >>>>>>>>>>> the user would
> >>>>>>>>>>>  then make the opt in or opt out decision. Then, similar to
> >>>>>>>>>>> SPDY, the
> >>>>>>>>>>>  presence of the trusted proxy in the end-to-end path could be
> >>>>>>>>>>> signaled to
> >>>>>>>>>>>  the end user via icons in the browser.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>  MITM is used today with no user knowledge. At least in this
> >>>>>>>>>>> approach, a
> >>>>>>>>>>>  user has the ability to opt in or out and to also be aware of
> >>>>>>>>>>> the presence
> >>>>>>>>>>>  of the intermediate proxy.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>  That is the idea.
> >>>>>>>>>>  Additionally, and this is important, the server gets to decide
> >>>>>>>>>> if the MITM
> >>>>>>>>>>  is acceptable, and, in the proposed scheme the MITM doesn't get
> >>>>>>>>>> to modify
> >>>>>>>>>>  bytes. It merely gets to advise the recipient of how to deal
> >>>>>>>>>> with them,
> >>>>>>>>>>  delay them, or disconnect.
> >>>>>>>>>>
> >>>>>>>>>>  -=R
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>  On Thu, Apr 25, 2013 at 1:38 PM, Peter Lepeska
> >>>>>>>>>> <bizzbyster@gmail.com>wrote:
> >>>>>>>>>>
> >>>>>>>>>>>  Some comments on Roberto's doc:
> >>>>>>>>>>>
> >>>>>>>>>>>    In the case where the user-agent has been configured with
> >>>>>>>>>>> Chris as a
> >>>>>>>>>>>     trusted-proxy, either Anne's connect-stream MUST use either
> >>>>>>>>>>> a null-
> >>>>>>>>>>>     cipher, or Anne MUST provide the decryption key material to
> >>>>>>>>>>> Chris
> >>>>>>>>>>>     immediately after tunnel establishment, and before any data
> >>>>>>>>>>> traverses
> >>>>>>>>>>>     the tunnel.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>  This seems like a showstopper to me. Even if we can get past
> >>>>>>>>>>> the problems
> >>>>>>>>>>>  associated with a trusted proxy in general, I can't see
> >>>>>>>>>>> getting acceptance
> >>>>>>>>>>>  of any approach that involves sending a session key from one
> >>>>>>>>>>> machine to
> >>>>>>>>>>>  another. But why not just use two full SSL sessions like the
> >>>>>>>>>>> typical MITM
> >>>>>>>>>>>  proxy (http://crypto.stanford.edu/ssl-mitm/ or
> >>>>>>>>>>> http://mitmproxy.org)
> >>>>>>>>>>>  approach? But instead of forging certificates like they do,
> >>>>>>>>>>> just give the
> >>>>>>>>>>>  trusted proxy its own certificate and then display both the
> >>>>>>>>>>> trusted proxy
> >>>>>>>>>>>  certificate and the content server certificate in the browser
> >>>>>>>>>>> when the user
> >>>>>>>>>>>  wants info about the two point-to-point SSL sessions.
> >>>>>>>>>>>
> >>>>>>>>>>>  "For the purpose of this document, it is assumed that the user
> >>>>>>>>>>> locates
> >>>>>>>>>>>
> >>>>>>>>>>>     a piece of paper upon a wall and reads it, typing these
> proxy
> >>>>>>>>>>>     settings into a configuration field for their user-agent.
> >>>>>>>>>>> This is
> >>>>>>>>>>>     obviously not the only possible configuration mechanism,
> >>>>>>>>>>> but it may,
> >>>>>>>>>>>     sadly, be the most secure. It is assumed that alternate
> >>>>>>>>>>> distribution
> >>>>>>>>>>>     techniques may be discussed.
> >>>>>>>>>>>
> >>>>>>>>>>>  "
> >>>>>>>>>>>
> >>>>>>>>>>>  While explicit proxy configuration may be the most secure, it
> >>>>>>>>>>> is very
> >>>>>>>>>>>  difficult to manage for mobile devices especially, as others
> >>>>>>>>>>> have mentioned
> >>>>>>>>>>>  on this list. Transparent interception is the more widely
> >>>>>>>>>>> adopted approach
> >>>>>>>>>>>  -- not because of security but because of stability and
> >>>>>>>>>>> manageability.
> >>>>>>>>>>>
> >>>>>>>>>>>  What about "transparent" proxies that advertise themselves? Is
> >> it
> >>>>>>>>>>>  possible to use NPN (
> >>>>>>>>>>>  https://technotes.googlecode.com/git/nextprotoneg.html) to
> >>>>>>>>>>> advertise the
> >>>>>>>>>>>  presence of an intercepting proxy for 443 traffic? Then the
> >>>>>>>>>>> user can be
> >>>>>>>>>>>  notified that a proxy wants to be trusted for X reasons and
> >>>>>>>>>>> the user would
> >>>>>>>>>>>  then make the opt in or opt out decision. Then, similar to
> >>>>>>>>>>> SPDY, the
> >>>>>>>>>>>  presence of the trusted proxy in the end-to-end path could be
> >>>>>>>>>>> signaled to
> >>>>>>>>>>>  the end user via icons in the browser.
> >>>>>>>>>>>
> >>>>>>>>>>>  MITM is used today with no user knowledge. At least in this
> >>>>>>>>>>> approach, a
> >>>>>>>>>>>  user has the ability to opt in or out and to also be aware of
> >>>>>>>>>>> the presence
> >>>>>>>>>>>  of the intermediate proxy.
> >>>>>>>>>>>
> >>>>>>>>>>>  Thoughts?
> >>>>>>>>>>>
> >>>>>>>>>>>  Peter
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>   On Apr 24, 2013, at 12:49 PM, William Chan (陈智昌)
> >>>>>>>>>>> <willchan@chromium.org>
> >>>>>>>>>>>  wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>   Yep, but no, it hasn't gone anywhere.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>  On Wed, Apr 24, 2013 at 7:44 AM, Peter Lepeska
> >>>>>>>>>>> <bizzbyster@gmail.com>wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>>  Hi William,
> >>>>>>>>>>>>
> >>>>>>>>>>>>  Is this draft by Roberto Peon the one you were referring to?
> >>>>>>>>>>>>
> >>>>>>>>>>>>  http://tools.ietf.org/html/draft-rpeon-httpbis-exproxy-00
> >>>>>>>>>>>>
> >>>>>>>>>>>>  Has this gone anywhere?
> >>>>>>>>>>>>
> >>>>>>>>>>>>  I'm looking to design and build a "trusted proxy" that aligns
> >>>>>>>>>>>> with the
> >>>>>>>>>>>>  browser development roadmap/vision in order to provide web
> >>>>>>>>>>>> acceleration
> >>>>>>>>>>>>  functionality and so would like to get involved in this
> >>>>>>>>>>>> process if still
> >>>>>>>>>>>>  active.
> >>>>>>>>>>>>
> >>>>>>>>>>>>  Thanks,
> >>>>>>>>>>>>
> >>>>>>>>>>>>  Peter
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>  On Mon, Apr 30, 2012 at 5:57 PM, William Chan (陈智昌) <
> >>>>>>>>>>>>  willchan@chromium.org> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>>  On the contrary, I think it's great to have multiple
> >>>>>>>>>>>>> proposals. If you
> >>>>>>>>>>>>>  have your own vision for how this should work, please send
> >>>>>>>>>>>>> it out! :) My
> >>>>>>>>>>>>>  statement was simply an FYI, not a "back off, we've got
> this!"
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>  On Mon, Apr 30, 2012 at 2:45 PM, Peter Lepeska
> >>>>>>>>>>>>> <bizzbyster@gmail.com>wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>  Perfect then I'll sit tight.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>  Thanks,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>  Peter
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>  On Mon, Apr 30, 2012 at 5:43 PM, William Chan (陈智昌) <
> >>>>>>>>>>>>>>  willchan@chromium.org> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>  FYI, we (google spdy team) have been discussing a "trusted
> >>>>>>>>>>>>>>> proxy"
> >>>>>>>>>>>>>>>  internally and I think Roberto's got a draft in the works.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>  On Mon, Apr 30, 2012 at 2:22 PM, Peter Lepeska
> >>>>>>>>>>>>>>> <bizzbyster@gmail.com>wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  Hi Mark,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  Earlier this group discussed the idea of a "trusted
> >>>>>>>>>>>>>>>> proxy". Does
> >>>>>>>>>>>>>>>>  that fall under the HTTP/2.0 category?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  I may have some cycles for this.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  Thanks,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  Peter
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>  On Fri, Apr 27, 2012 at 1:28 AM, Mark Nottingham
> >>>>>>>>>>>>>>>> <mnot@mnot.net>wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  Just a reminder that we're still accepting proposals
> for:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  1. HTTP/2.0
> >>>>>>>>>>>>>>>>>  2. New HTTP authentication schemes
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  As per our charter
> >>>>>>>>>>>>>>>>> <http://datatracker.ietf.org/wg/httpbis/charter/
> >>>>>>>>>>>>>>>>>>  .
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  So far, we've received the following proposals
> >>>>>>>>>>>>>>>>> applicable to
> >>>>>>>>>>>>>>>>>  HTTP/2.0:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> <
> >> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  But none yet for authentication schemes:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> <
> >> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  As communicated in Paris, the deadline for proposals is
> >>>>>>>>>>>>>>>>> 15 June,
> >>>>>>>>>>>>>>>>>  2012. It's fine if your proposal isn't complete, but we
> >>>>>>>>>>>>>>>>> do need to have a
> >>>>>>>>>>>>>>>>>   good sense of it by then, for discussion.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  Regards,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>  --
> >>>>>>>>>>>>>>>>>  Mark Nottingham http://www.mnot.net/
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>
> >>
> >
>
Received on Saturday, 4 May 2013 21:01:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:13 UTC