Hi David,
On 23/05/2024 14:07, David Adrian wrote:
> There is certainly a discussion to be had about how well Trust
> Expressions solves problems experienced by the HTTPS ecosystem and the
> Web PKI today. However, that requires moving past repeated,
> unsubstantiated claims about how Trust Expressions enables government
> surveillance, something that has been repeatedly debunked by multiple
> people in this thread, all of whom are attempting to discuss in good
> faith. And yet, each time someone does this, you change the shape of
> your argument, claim there is more nuance that no one except you can
> see, and describe some easily debunked partial scenario that you
> believe to be worse.

This is, politely, hogwash and a rather shabby attempt to portray this
as a one-sided discussion.
I have presented a single consistent argument about how Trust
Expressions solves a key deployment challenge for parties trying to
perform this kind of abuse. This argument has not changed over the
course of the thread, as I noted in my latest reply to Nick, this was
just a summary of the previous discussion.
This argument has been supported by others in the thread, in particular
by Stephen Farrell:
> Having read the draft and the recent emails, I fully agree with
> Dennis' criticisms of this approach. I think this is one that'd best
> be filed under "good try, but too many downsides" and left at that.

Meanwhile, the four loudest voices who deny there are legitimate
concerns around this proposal all work for the same team at Google and
have announced their intent to prototype this technology already [1].
The majority of the participants in this thread have engaged with these
discussions with curiosity and have yet to voice any conclusion. I am
sure they will do so when they have made up their minds.
My personal reading has been that folks who have engaged in the
discussion would agree there is both reasonable concern about how
effective T.E. is at solving the problems it claims to and that the
risks of abuse cannot be dismissed as easily as the authors would like.
> It may be worth taking a step back, and considering if the people you
> have worked with for nearly a decade or more, and who have been
> instrumental in improving TLS over the years, have truly suddenly
> decided to pivot to attempting to backdoor mass surveillance through
> the IETF.

I have noted throughout that this is a complex topic which reasonable
people may disagree on. I have a great deal of respect for the authors
who I know are acting out of genuine intent to improve the world. We
simply disagree on whether the proposed design is likely to be effective at
solving the problems it sets out and how seriously it could be abused by
others.
> A few replies relating to surveillance are inline.
> -dadrian

> > I think we have to agree that Trust Expressions enables websites to
> > adopt new CA chains regardless of client trust and even builds a
> > centralized mechanism for doing so. It is a core feature of the design.
>
> No one has to agree to this because you have not backed this claim at
> all. Nick sent two long emails explaining why this was not the case,
> both of which you have simply dismissed [...]

This is something that I believe David Benjamin and the other draft
authors, and I all agree on. You and Nick seem to have misunderstood
either the argument or the draft.
David Benjamin, writing on behalf of Devon and Bob as well:
> By design, a multi-certificate model removes the ubiquity requirement
> for a trust anchor to be potentially useful for a server operator.
> [...]
> Server operators, once software is in place, not needing to be
> concerned about new trust expressions or changes to them. The heavy
> lifting is between the root program and the CA.

From the Draft (Section 7):
> Subscribers SHOULD use an automated issuance process where the CA
> transparently provisions multiple certification paths, without changes
> to subscriber configuration.

The CA can provision whatever chains it likes without the operator's
involvement. These chains do not have to be trusted by any clients. This
is a centralized mechanism which allows one party (the CA) to ship
multiple chains of its choice to all of its subscribers. This obviously
has beneficial use cases, but there are also cases where this can be abused.
> Can you explain, specifically, the government and site action that you
> expect that will result in surveillance, keeping in mind that ACME
> _already_ allows the CA to provide a bundle of untrusted
> intermediates? What is the chain of events here? What are the actions
> you see taken by a government, a CA, site owners, and root programs?

CA-provided intermediates don't offer any long term transition without
Trust Expressions. You could absolutely stuff the domestic CA in there
on some short term basis, but you're never going to be able to take out
the WebPKI recognized intermediate (for all the folks connecting without
the domestic CA). As a result, there's no long term off-ramp away from
the WebPKI. Nor is this really practical for multiple countries to do.
Put another way: There is a credible way with Trust Expressions to build
a fragmented Internet where each country has its own trust store and
websites just grab a certificate for each country they do business in.
Governments have a strong reason to prefer this outcome (control and
mass surveillance). CAs have a strong reason to prefer this outcome (you
can sell the same certificate multiple times). You may even recall a
recent federation of governments, backed by a bunch of CAs, which took a
stab at doing just this for their geographic region [2]. This is not
possible today (with or without intermediate stuffing).
The claim you and the authors are making is that you only want to
fragment the WebPKI along the lines of the existing root programs. Your
belief is that if anyone tries to use the same technology to fragment
the WebPKI along any other lines, you will simply say no. This is
unrealistic and ahistorical given the events of last year.
In terms of the actual actions that lead down this path, it necessarily
ends with a government passing a law which forces clients to accept a
root certificate they control and browser vendors acquiescing. It
appears from recent events involving the larger browsers, acquiescing is
just a function of the relevant market size and financial penalties
they face for not complying.
The authors have also made the argument that legislation being passed to
force these bad roots upon clients is independent of anything Trust
Expressions does. I have argued at length up the thread that it does
change the probability of this legislation being passed in a few key ways:
1) It enables a gradual roll out of cert chains from the domestic CA,
where sites transition to using a domestic CA without losing
international availability.
2) This roll out can be incentivized any number of ways. Trust
Expressions makes the downside to the site of complying to be zero.
Trust Expressions also enables a CA to do this roll out without having
to convince site operators.
3) The claim that there are a large number of websites willing to use
this CA is an attractive argument to lawmakers, who will be receptive to
both greater domestic control of the Internet and bringing trust
decisions entirely within the country. You might have heard the phrase
"Digital Sovereignty".
4) Trust Expressions enables the proponent of the law to argue that in
the future all web traffic can be 'secured' domestically, without losing
any international access.
5) The only thing lawmakers need to do is pass a law to enforce that
local browsers respect their domestic trust regime.
Without Trust Expressions, there is no credible way to tell lawmakers
that this domestic trust regime can ever have a legitimate purpose.
Because who else outside the country will trust it? And if no one else
trusts it, no website can adopt it without dropping off the rest of the
web. If no websites can adopt it, it cannot have any legitimate
function. It's pretty hard (though clearly not impossible) to get such
blatantly malicious laws passed without some kind of veneer of legitimacy.
> > Whilst having your domestic root CA ship in clients does enable
> > surveillance, it's not especially useful when no websites use that
> > root CA, so targets can tell when their connection is being
> > intercepted. Governments therefore either have two choices: MiTM
> > everything (a substantial hurdle to have passed into law) or compel
> > adoption by websites of the domestic CA (so that MiTM certs blend in
> > with real ones).
>
> This attack is possible right now. There are already domestic root CAs
> included in root stores. However, we have no reason to suspect that
> they are being used for MITM because of certificate transparency. And
> if they were being used for MITM, they would be removed by root
> programs (subject to legal requirements).

I agree. The important aspect is being able to evict them if misbehavior
is detected.
> Can you explain what you mean by "blend in", given that certificate
> transparency exists?

The effectiveness of certificate transparency is conditional upon both
clients enforcing it and N-2 of the N certificate logs behaving
non-maliciously. This is reasonably easy to achieve for low N as we have
today (although brings its own risks around availability). This gets
harder as N increases, for example if 30 countries were to start
operating CT logs, the security CT provides would decay to nearly nothing.
I agree though that transparency is a fantastic tool in general and a
priority for future development of the web.
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/R6VOVMt81y8
[2] https://last-chance-for-eidas.org