Re: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact

"Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de> Wed, 04 March 2020 07:42 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1793D3A0414 for <opsec@ietfa.amsl.com>; Tue, 3 Mar 2020 23:42:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9NdCx9dkpCYX for <opsec@ietfa.amsl.com>; Tue, 3 Mar 2020 23:42:21 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2079.outbound.protection.outlook.com [40.107.20.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49D943A040E for <opsec@ietf.org>; Tue, 3 Mar 2020 23:42:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DkPOWoghXczlJCZtHto4a+xI1bBxAVzUry59yzosGgreqpOtCsmJMxoehNw/HF?= =?utf-8?q?vXPEQLr0uyN3pjNAUWBf7pow1FtBBpf+0Hf9OBWXpAsWsx8QWJnKyQupkLsTblSpM?= =?utf-8?q?EKDk4a7rCPWA1FVynekFD/u7tXOxQudK8WWJgQB9ae/yvDZFP1md4Nsjv9Cvnh0qY?= =?utf-8?q?gbz7XejnkqxqWeWDMzB8xkWVwmkxy7jNSvmnI94fQqamv0bLIiy9xy1UOTdtEr3Vb?= =?utf-8?q?97eeSJ+E1rHnS5NGRA94a9u89IXIaKPRlZ1WsCISownWVkXY7gvCsTuOhcLfhFu2V?= =?utf-8?q?dsiosCvCyCmYFdTGqkljg=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3D9Ug/SkIrGMsHEIWaN4WKCLfprLE10tmx6BQI5tQXBAI=3D=3B_b=3DF/JbD4?= =?utf-8?q?R+DPSVDEXglzAV7S3LjVdR/NcPqLhebp9yauufAe9AcOMGau+lN+Tv0wzEArd4m4k?= =?utf-8?q?+2oscnyxh/ktM6ZYUg0owu1t3G0naFbWAeAf+O8M0IvCE53DrGpX6JFnz5pT5mlK5?= =?utf-8?q?LmyMySHyo2Gviu1p2OHlmxUC5vMWx20E1L+YV2JSBSqcr8GJ1BaGaZ5WptVnmPkht?= =?utf-8?q?IaIIaBHcp2XsoNPzasd0HVv5fF1Ysv18p6i2MG9cEcYxRvTp7hqqPnoHq5drEHhvs?= =?utf-8?q?umtbp+J2BmMBRN5g5OFL6353SquwAf+D5XDTSMLywBSwGN0Msh+6W77jF0IQ412dw?= =?utf-8?q?XeqdlqY4gAA=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; =?utf-8?q?h=3DFrom=3ADate=3AS?= =?utf-8?q?ubject=3AMessage-ID=3AContent-Type=3AMIME-Version=3AX-MS-Exchange?= =?utf-8?q?-SenderADCheck=3B?= =?utf-8?q?bh=3D9Ug/SkIrGMsHEIWaN4WKCLfprLE10tmx6BQI5tQXBAI=3D=3B_b=3DTP7AS0?= =?utf-8?q?OJ1ZGUIDAFe53FeHDo497OsWo6aev1Wv8kfiA2cAH6x5OzECoGhSiLz6R5j1aBhtJ?= =?utf-8?q?epNcazzJosud3J+dri6vaEdUFSLmTgbtj4ae8ILPZA3KBUuqaYkb9wy4Q+aVTrKMD?= =?utf-8?q?7CtCBz2YMT+O3PHCsVe2nZYh3F2ds94n+ME=3D?=
Received: from AM4P190MB0004.EURP190.PROD.OUTLOOK.COM (10.172.221.19) by AM4P190MB0148.EURP190.PROD.OUTLOOK.COM (10.172.220.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.18; Wed, 4 Mar 2020 07:42:18 +0000
Received: from AM4P190MB0004.EURP190.PROD.OUTLOOK.COM ([fe80::b931:fce:e8b5:ec62]) by AM4P190MB0004.EURP190.PROD.OUTLOOK.COM ([fe80::b931:fce:e8b5:ec62%10]) with mapi id 15.20.2772.019; Wed, 4 Mar 2020 07:42:18 +0000
Received: from localhost (212.201.44.247) by AM3PR05CA0088.eurprd05.prod.outlook.com (2603:10a6:207:1::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.15 via Frontend Transport; Wed, 4 Mar 2020 07:42:17 +0000
From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <J.Schoenwaelder@jacobs-university.de>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
CC: "opsec@ietf.org" <opsec@ietf.org>
Thread-Topic: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact
Thread-Index: AQHV8csjPCc2ri87eUiwsjydupKew6g4DUSA
Date: Wed, 4 Mar 2020 07:42:18 +0000
Message-ID: <20200304074217.mn7mboum3e7ynj5l@anna.jacobs.jacobs-university.de>
References: <DC776DEE-D5DC-46CD-BDBE-114990494486@cisco.com>
In-Reply-To: <DC776DEE-D5DC-46CD-BDBE-114990494486@cisco.com>
Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <J.Schoenwaelder@jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM3PR05CA0088.eurprd05.prod.outlook.com (2603:10a6:207:1::14) To AM4P190MB0004.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:65::19)
x-originating-ip: [212.201.44.247]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de;
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f07e9b2b-34e4-4b3a-cd8a-08d7c00f90a7
x-ms-traffictypediagnostic: AM4P190MB0148:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: =?utf-8?q?=3CAM4P190MB014811A206BCD966DB647B98DEE?= =?utf-8?q?50=40AM4P190MB0148=2EEURP190=2EPROD=2EOUTLOOK=2ECOM=3E?=
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-forefront-prvs: 0332AACBC3
x-forefront-antispam-report: SFV:NSPM; =?utf-8?q?SFS=3A=2810009020=29=283760?= =?utf-8?b?MDIpKDEzNjAwMykoMzY2MDA0KSgzNDYwMDIpKDM5ODUwNDAwMDA0KSgzOTYwMDMp?= =?utf-8?b?KDE5OTAwNCkoMTg5MDAzKSgzNDUwNzAwMDAxKSgxMDc2MDAzKSgyOTA2MDAyKSgy?= =?utf-8?b?NjAwNSkoNjY1NTYwMDgpKDk2NjAwNSkoNjQ3NTYwMDgpKDY2OTQ2MDA3KSg2?= =?utf-8?q?6446008=29=2866476007=29=286916009=29=2886362001=29=28186003=29?= =?utf-8?q?=2881156014=29=2852116002=29=28786003=29=286496006=29=28712004000?= =?utf-8?b?MDEpKDg5MzYwMDIpKDgxMTY2MDA2KSg4Njc2MDAyKSg2NDg2MDAyKSg0Nzg2?= =?utf-8?b?MDAwMDEpKDE2NTI2MDE5KSg5NTYwMDQpKDQ3NDQwMDUpKDQzMjYwMDgpKDMx?= =?utf-8?q?6002=29=285660300002=29=3B?= DIR:OUT; SFP:1101; SCL:1; SRVR:AM4P190MB0148; H:AM4P190MB0004.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: =?utf-8?q?4wo++5lOjU7U2xTxnA62WTpD1liYbXs?= =?utf-8?q?ZKWBMYc9HtwrCyMkBQwnnT34QHZNlSMCv4FbtUUKGzFkAzL70vq9lpNUWCIiwTgJZ?= =?utf-8?q?S4YzuqMkUeP5KHdhCZidzttnE+tIoQ92IwAgPg9llhaV8SCKzjBxCTm55g8iRsUij?= =?utf-8?q?XT35W68NhBBC4ZZ3Ibo5/K+iR9zldSZXv0u+LZ730CaKJ+kwFYakArZBzmX7x0Qgy?= =?utf-8?q?EtYpkjfv5lRLoB+6wmFALzcenmv56bzcs2yPzePXWfLNl1h2wDH5qxsMXtU/6osey?= =?utf-8?q?QC45GVFiREwDyaimGGTLDyYc1JUaVvWWx5hP37etXvBNR+GwWW+7AgbPKlc0StiCV?= =?utf-8?q?MQI3FKcC4dHKTRypeDY+ZtG2X494AqqjgujiOFfXTWIu83rAe4edlzZnwCmlaP7tY?= =?utf-8?q?o54GvAUDpKyLAcXaLgrqCPsgo9+7I044behgV9Ch6inw8zbfoMfd+F+Cdz4gPAbMr?= =?utf-8?q?eo9v/f0auaL6WqDyEAoLxfHVOEjjEUvrKp5gLo2WNpRbMyJw=3D=3D?=
x-ms-exchange-antispam-messagedata: =?utf-8?q?HDdKi4N7/pJuCWmBNAQs4S6KL1ZZiz?= =?utf-8?q?M0wyzPONZevCsj0dx24XvliF5SRd1YqznYm0Wfsnu4KQpOFGhPxDILUs17QMNiRk5?= =?utf-8?q?HUyi7P11BKPKLxbPG5pllUAR19IYKeANhCwA37oo5V/iq6qyJMsux8Q=3D=3D?=
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <A81A4F1C7F0A044E91DA8CAB8C41EB20@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: f07e9b2b-34e4-4b3a-cd8a-08d7c00f90a7
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2020 07:42:18.2372 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: =?utf-8?q?2ezz1clJVhS7TLZxgpGrE?= =?utf-8?q?hzuh01iXZe18AT2ID3OuxHNyqoE0MPfanDz+89P33J3xJ3fSHc6dsVBwUOM8KqHva?= =?utf-8?q?KnwEjLqNKs8bgi5mjNL4I=3D?=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4P190MB0148
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/sHj-qUF1lluxVTEZYbBZL7LFZxM>
Subject: Re: [OPSEC] Request comments and discussion for draft-camwinget-tls-ns-impact
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2020 07:42:23 -0000

Dear Nancy,

I have read the document and I like it, a very well written and useful
catalog of TLS-specific security functions and how they are affected
by TLS 1.3. Thanks for putting this together.

/js

On Wed, Mar 04, 2020 at 02:18:05AM +0000, Nancy Cam-Winget (ncamwing) wrote:
> Hello OPSEC participants,
> 
> Given the trends to improve on security and privacy, we thought it important to also
> document how network security solutions are used and how they interact with TLS.
> We have submitted https://datatracker.ietf.org/doc/draft-camwinget-tls-ns-impact/
> and believe it is appropriate to discuss in this working group.
> 
> Warm regards,  Nancy (and my co-authors)

> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://www.ietf.org/mailman/listinfo/opsec


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>