
cyber-council message


Subject: Impacts of other standards on users


I have a few questions for the user council.  Have you given any thought to the impacts of QUIC + TLS 1.3 + encrypted SNI + no static RSA/DH key support on your security sensors, middle boxes, and data center security strategies?  I mean, last I checked most vendors that have inspection devices, firewalls, and/or sensors can do very little, if anything, with UDP traffic. Further, a lot of companies like to use static RSA/DH keys in their datacenter so they can do digital forensics and decrypt sessions after the fact.

As you may or may not know, QUIC is a replacement for TCP that is being worked on in the IETF. It mandates TLS 1.3 with no static key support. In addition, QUIC runs over UDP, so all of the session management is done at the application level.  This means there is no TCP sequence number or session information in the clear.  It is all encrypted. So all of your flow control tools and load balancers will probably have issues, along with your firewalls and IDS/IPS sensors.

Another aspect is the encrypted SNI, which means any full TLS proxy devices will no longer be able to selectively decrypt traffic based on perceived content.  Meaning, there will be no way to say "this is banking traffic" so do not decrypt it.  It seems to me that this will make all of the middle boxes that are deployed in the network a prime target for threat actors, as they will NOW have access to all of the juicy encrypted sessions, not just the average encrypted session.

Just wondering if any of you have started to think about these ramifications to your network.
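As an added illustration of the visibility point raised above (this is example code written for this archive page, not part of the original message): a passive sensor sitting on UDP/443 can parse only the version-independent QUIC header invariants (RFC 8999), so the parser below extracts exactly those fields from a constructed Initial, a constructed Version Negotiation reply and a constructed 1-RTT packet, and nothing else, because everything past the connection IDs is encrypted or header-protected. The connection ID bytes are made up for the sample.

```python
import struct
from dataclasses import dataclass
from typing import Optional

QUIC_V1 = 0x00000001
LONG_TYPES_V1 = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


@dataclass
class QuicHeaderView:
    """The cleartext fields of one QUIC datagram that a passive sensor can read."""
    form: str                   # "long" (handshake phase) or "short" (1-RTT data)
    version: Optional[int]      # only present in long headers
    packet_type: Optional[str]  # only derivable for versions the sensor knows
    dcid: bytes                 # destination connection ID, the only routable handle
    scid: Optional[bytes]       # source connection ID, long headers only


def parse_quic_header(datagram: bytes, short_dcid_len: int = 8) -> QuicHeaderView:
    """Parse the RFC 8999 invariants; raise ValueError for anything that is not QUIC."""
    if not datagram:
        raise ValueError("empty datagram")
    first = datagram[0]
    if not first & 0x80:
        # Short header: only this byte and the DCID are in the clear, and the DCID
        # length is not encoded, so the sensor must have learned it from the handshake.
        if not first & 0x40:
            raise ValueError("fixed bit clear: not QUIC v1")
        return QuicHeaderView("short", None, None, datagram[1:1 + short_dcid_len], None)
    if len(datagram) < 7:
        raise ValueError("truncated long header")
    version = struct.unpack("!I", datagram[1:5])[0]
    dcid_len = datagram[5]
    dcid = datagram[6:6 + dcid_len]
    scid_pos = 6 + dcid_len
    if scid_pos >= len(datagram):
        raise ValueError("truncated DCID")
    scid_len = datagram[scid_pos]
    scid = datagram[scid_pos + 1:scid_pos + 1 + scid_len]
    if len(dcid) != dcid_len or len(scid) != scid_len:
        raise ValueError("connection ID runs past end of datagram")
    if version == 0:
        ptype = "VersionNegotiation"  # server rejecting the client's version; no fixed bit required
    elif version == QUIC_V1:
        if not first & 0x40:
            raise ValueError("fixed bit clear: not QUIC v1")
        ptype = LONG_TYPES_V1[(first >> 4) & 0x03]
    else:
        ptype = None                  # unknown version: the type bits are opaque to us
    return QuicHeaderView("long", version, ptype, dcid, scid)


# Constructed samples (made-up CID). Everything after the SCID in the Initial is
# protected or encrypted and is just zero padding here.
CID = bytes.fromhex("1122334455667788")
SAMPLE_INITIAL = b"\xc3" + b"\x00\x00\x00\x01" + b"\x08" + CID + b"\x00" + bytes(240)
SAMPLE_VN = b"\x80" + b"\x00\x00\x00\x00" + b"\x00" + b"\x08" + CID + b"\x00\x00\x00\x01"
SAMPLE_1RTT = b"\x41" + CID + bytes(20)
```

Run `parse_quic_header` over each sample to see that the 1-RTT packet yields nothing but a DCID, which is the whole of what a UDP sensor can key on once the handshake is over.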

