Re: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Wed, 04 March 2020 23:33 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F3D63A0C44 for <opsec@ietfa.amsl.com>; Wed, 4 Mar 2020 15:33:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=SVzpA4bA; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=QcUYvsTS
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEbu5jxNUnwF for <opsec@ietfa.amsl.com>; Wed, 4 Mar 2020 15:33:10 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC0A3A0C37 for <opsec@ietf.org>; Wed, 4 Mar 2020 15:33:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2038; q=dns/txt; s=iport; t=1583364790; x=1584574390; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=I65uVipHkxjCi8W403wYyyG/MA72Gnnoo+OIcd1z1I0=; b=SVzpA4bAaQJQ74fl4ASYGM5hsbdRkiZ1PKglZLlV//iIWqUAVfAqWae9 CXisDTQom4a+cqKoGJGO+LylQKSr38nO4WKvDMq13qt9muofowntDEyeE 63wOVUKoxlA7avH6RRulgeC1l0WakoKYzvIu1A8dvlteffm06jJIJmDrA A=;
IronPort-PHdr: =?us-ascii?q?9a23=3AuEpjVBUoQ4RWskuNnzr5isM7JwnV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSA9yJ8OpK3uzRta2oGXcN55qMqjgjSNRNTF?= =?us-ascii?q?dE7KdehAk8GIiAAEz/IuTtank8F81HS15j8FmwMFNeH4D1YFiB6nA=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DgAQBhOWBe/4gNJK1jAxsBAQEBAQE?= =?us-ascii?q?BBQEBAREBAQMDAQEBgXuBVCknBWxYIAQLKoQVg0YDimqCX5gVgUKBEANUCQE?= =?us-ascii?q?BAQwBARgLCgIEAQGEQwIXgWokOBMCAwEBCwEBBQEBAQIBBQRthVYMhWQBAQE?= =?us-ascii?q?DAQEQEREMAQEsCwENAgIBCBAIAgImAgICGQwLFRACBA4FGweDBAGCSgMuAQ6?= =?us-ascii?q?iYwKBOYhidYEygn8BAQWBQ0FAglUYggwDBgWBCSqFIYcGGoIAgTgggk0+axk?= =?us-ascii?q?BgV8BAQMBgSc6FwoZDYJKMoIskCZAnzoKgjyHUo8UHIJJjGyLfESXKpJPAgQ?= =?us-ascii?q?CBAUCDgEBBYFpIoFYcBU7KgGCQVAYDY4dGIEPAQiCQzOEYYVBdIEpjR8BAQ?=
X-IronPort-AV: E=Sophos;i="5.70,515,1574121600"; d="scan'208";a="739132225"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Mar 2020 23:33:07 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 024NX7NG017462 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 4 Mar 2020 23:33:07 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 4 Mar 2020 17:33:07 -0600
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 4 Mar 2020 18:33:06 -0500
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 4 Mar 2020 18:33:06 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DDT1hSt0oRyWbydRSudXdUQJPyT3MDpJnIM+G6mf0q5LMbsgFmsDVsOVAjCWa9?= =?utf-8?q?IWvt/z6iMbFjH7ucZrIF1MvwTTJfwMMsmrvJaXYaX/TJEAMkErrQm8D8jfoEmd0Zw?= =?utf-8?q?2njkKJpOc7OjPhbbJQr3XvriTfcgrK9sMMt0jexHp8pbmrWyrN8jb0Vxh9x8+2q7D?= =?utf-8?q?LDlzn1nQ0nyWPxB3NXNPGJH+oS8nRDqInmka+2gUDGBV5982XoQnvWvoluEQrG4+b?= =?utf-8?q?BvpwVQr60pxwMFq1KbhywrX0KMGWedldQTERJtVADJbEcbCPvNREhgwVREkQv8iv/?= =?utf-8?q?CspFzEih7MteCijlft/cg=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DI65uVipHkxjCi8W403wYyyG/MA72Gnnoo+OIcd1z1I0=3D=3B_b=3DHLvtIr?= =?utf-8?q?v7u7JoMaVB0fZ5vdB0FUvwxUrBoHJBl+LLRcOuWHOOvgtlj3hLY50sOXZnl4q9MsA?= =?utf-8?q?88qnmYk7bMzw2Pl4FYapzWkgtRknWRQJmaBCw7ylz976AGrNAJp0PitiMBUw2sy1C?= =?utf-8?q?QbIsjtmTq+7X+s7yS7gTlWAP7Zy8XOPVQ7G0sEuhE5ZS9TXiEXT4u/X/xouyM7Cfd?= =?utf-8?q?O/GONgUlXj04gNLbPHkMRNE1ji2FbgC5npBFpDgsX8fluZf/7YFq4vYHGA8TxniEF?= =?utf-8?q?mHOBCVzj9Hc1QjFcyeNwEqtvvvrH9XjPAOuVMDk7gd4IUiJTsvkaFePMOEnEI8whw?= =?utf-8?q?gJZ+2dV7uvA=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AM?= =?utf-8?q?essage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADC?= =?utf-8?q?heck=3B_bh=3DI65uVipHkxjCi8W403wYyyG/MA72Gnnoo+OIcd1z1I0=3D=3B_b?= =?utf-8?q?=3DQcUYvsTSZeIQdZafEmlIOnA518cGoBkQ4r428zx88YezEXA9E5YvGZWFpEBW+a?= =?utf-8?q?mSTkRn/aNuB2MiHYPNdgsvTjGO4oXoGktfel1CRuaz3NoSa/BmXrUrBc2Z5QB/2uh?= =?utf-8?q?BAbXkXDH623bQ7tur2HmRO4W1Y13rQE6pi4Kv47yCFds=3D?=
Received: from BY5PR11MB4070.namprd11.prod.outlook.com (2603:10b6:a03:181::16) by BY5PR11MB4449.namprd11.prod.outlook.com (2603:10b6:a03:1cc::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.16; Wed, 4 Mar 2020 23:33:04 +0000
Received: from BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::852d:fab4:18c1:72d2]) by BY5PR11MB4070.namprd11.prod.outlook.com ([fe80::852d:fab4:18c1:72d2%7]) with mapi id 15.20.2793.013; Wed, 4 Mar 2020 23:33:04 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: =?utf-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= <J.Schoenwaelder@jacobs-university.de>
CC: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact
Thread-Index: AQHV8csjPCc2ri87eUiwsjydupKew6g4DUSAgACDiIA=
Date: Wed, 4 Mar 2020 23:33:04 +0000
Message-ID: <9F8D0BFA-A66F-4DDD-94AA-66136F0C72C7@cisco.com>
References: <DC776DEE-D5DC-46CD-BDBE-114990494486@cisco.com> <20200304074217.mn7mboum3e7ynj5l@anna.jacobs.jacobs-university.de>
In-Reply-To: <20200304074217.mn7mboum3e7ynj5l@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.13.200210
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ncamwing@cisco.com;
x-originating-ip: [2001:420:283:1005:183:ec60:cf8a:19]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f2fef074-4c1f-40e6-9db9-08d7c09462cd
x-ms-traffictypediagnostic: BY5PR11MB4449:
x-microsoft-antispam-prvs: =?utf-8?q?=3CBY5PR11MB444961BCD346E28FF4E453AAD6E?= =?utf-8?q?50=40BY5PR11MB4449=2Enamprd11=2Eprod=2Eoutlook=2Ecom=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 0332AACBC3
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810009020=29=284636?= =?utf-8?b?MDA5KSgzNjYwMDQpKDM0NjAwMikoMzc2MDAyKSgxMzYwMDMpKDM5NjAwMykoMzk4?= =?utf-8?b?NjA0MDAwMDIpKDE4OTAwMykoMTk5MDA0KSg2NTA2MDA3KSgzMzY1NjAwMiko?= =?utf-8?q?478600001=29=2866446008=29=28966005=29=2864756008=29=286486002=29?= =?utf-8?q?=2866476007=29=2866946007=29=2866556008=29=2836756003=29=28316002?= =?utf-8?b?KSg2NjU3NDAxMikoMjkwNjAwMikoMjYxNjAwNSkoODY3NjAwMikoNzEyMDA0?= =?utf-8?b?MDAwMDEpKDY1MTIwMDcpKDc2MTE2MDA2KSg4MTE2NjAwNikoMTg2MDAzKSg2?= =?utf-8?q?916009=29=288936002=29=284326008=29=285660300002=29=2881156014=29?= =?utf-8?q?=2886362001=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:BY5PR11MB4449; H:BY5PR11MB4070.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?se0gEU3jRNgU7Vn7Y7LloVeQwUQIYON?= =?utf-8?q?Nym9ANaTfYpOgCtWiNNuMN2jrshG+lBxQIxuNMij9DiU2F7tQ0utLhhTQx0JvIikc?= =?utf-8?q?hFFmiT/iK10ypt/0S/w7Ts1Cc7Q5Xj9TTq/ocYL86Abf2qZPQS6VOoiCUbDukVwxQ?= =?utf-8?q?nWlSlixNejN2vCly22qeTQlbjyF4GC/CxoAzrRwOeofQoA1DiRkYDwULvgVGL9ab2?= =?utf-8?q?HPaPe46hOmRQWJsx0zVTxeCIT53Ta82OdySY0swrlWEiA6nC4YnNE+33vvUTfvJjS?= =?utf-8?q?kc6i35E552iYC7ULuv99r1QNfaezfyf3J2L27GpsiRtqFisV+k6wsasZ+Lcr+VmR/?= =?utf-8?q?md17B1aTaLdSjFDY6jwfn5ZMm9PSAJVX2Lbc9Be/tiR8YZFEAj+stBxkoOeIz3shX?= =?utf-8?q?d2F2v180y4HoV0mfssuFLpSlLMHDg32/xHYPCXQDy7/+q62y7pgDb5zfxoSDdxsGa?= =?utf-8?q?rPKiOUdvnKQmCvvFVMjS1/XYSkcScBOnVGhtLlbnkLkodh7Q=3D=3D?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?nFVsbTGQ0V0IEz9Z7JivIPHqRqsG/R?= =?utf-8?q?+hdxviU5DVyRcB49HDd5RH83jlNqtAGWKhSaag6Siuk24DTkA/oJk1ENcXEqR5PGI?= =?utf-8?q?yQjT2clHAZ1t4A0R1fwooAujyNV7QNKIPnX8PdaQF319PpLuK9/qI0KK8jikNvH1s?= =?utf-8?q?4mgE4KPp8BGu8bPuu6a1xeH38+bH2w/VGK3cmsVIiFfTdLIHclOXiw=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <CD18CFD58057CF40B91A2C3857DDBF2C@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f2fef074-4c1f-40e6-9db9-08d7c09462cd
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2020 23:33:04.0660 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: =?utf-8?q?LEvZDpTgYS3KtWdOiw9Jv?= =?utf-8?q?nOTM8Hh2uDLspiVo6S8kJeMJVF4pNAySuiC6pShFDu7vDebW5PsBEZkAILL5hBAcg?= =?utf-8?q?=3D=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4449
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.12, xch-aln-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/kYFntn8I5Z8Q2VUA8Lv-TxnVfJA>
Subject: Re: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2020 23:33:20 -0000

Many thanks for the quick response Jürgen!  And of course, as authors, we would like to see
If there is interest in the WG to adopt the document; barring we reasonably address all feedback.

Warm regards, Nancy

On 3/3/20, 11:42 PM, "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de> wrote:

    Dear Nancy,
    
    I have read the document and I like it, a very well written and useful
    catalog of TLS-specific security functions and how they are affected
    by TLS 1.3. Thanks for putting this together.
    
    /js
    
    On Wed, Mar 04, 2020 at 02:18:05AM +0000, Nancy Cam-Winget (ncamwing) wrote:
    > Hello OPSEC participants,
    > 
    > Given the trends to improve on security and privacy, we thought it important to also
    > document how network security solutions are used and how they interact with TLS.
    > We have submitted https://datatracker.ietf.org/doc/draft-camwinget-tls-ns-impact/
    > and believe it is appropriate to discuss in this working group.
    > 
    > Warm regards,  Nancy (and my co-authors)
    
    > _______________________________________________
    > OPSEC mailing list
    > OPSEC@ietf.org
    > https://www.ietf.org/mailman/listinfo/opsec
    
    
    -- 
    Juergen Schoenwaelder           Jacobs University Bremen gGmbH
    Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
    Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>