Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

"David A. Cooper" <> Wed, 25 October 2017 16:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4B14C13F419 for <>; Wed, 25 Oct 2017 09:43:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.488
X-Spam-Status: No, score=-1.488 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id lZXIZjyjDRUA for <>; Wed, 25 Oct 2017 09:43:07 -0700 (PDT)
Received: from ( [IPv6:2610:20:6005:13::151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 889C613941E for <>; Wed, 25 Oct 2017 09:43:07 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 25 Oct 2017 12:42:58 -0400
Received: from ( by ( with Microsoft SMTP Server id 14.3.361.1; Wed, 25 Oct 2017 12:43:05 -0400
Received: from [] ( []) by (8.13.8/8.13.1) with ESMTP id v9PGgrjt021302 for <>; Wed, 25 Oct 2017 12:42:53 -0400
To: "" <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: "David A. Cooper" <>
Message-ID: <>
Date: Wed, 25 Oct 2017 12:42:53 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/html; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Oct 2017 16:43:10 -0000

No, they would not prevent those other mechanisms. Where is your evidence that they would?

If the "attacker" controls the software that the client is using, then it would set up the software to not check public-key pinning or CT, if necessary. As Richard noted, this may not even require developing custom software. It may be as simple as distributing a standard browser with its own CA added as a "user-installed" root certificate.

In the case that the "attacker" has the cooperation of the server, and the client is using unmodified software, then the data sent between the client and server (including the server's certificate) would be no different than if the server wasn't allowing the "attacker" to have access to the data. There would be no information available to the client at all that would distinguish between scenarios in which the server either is or isn't allowing another party to have access to the data being transmitted over the TLS session.

If public-key pinning and CT would prevent other mechanisms from working, please explain in detail how they would do so. Or better yet, let's end this line of discussion and work on finding mutually agreeable solutions to the underlying problem.

On 10/25/2017 12:12 PM, Richard Barnes wrote:
On Wed, Oct 25, 2017 at 12:06 PM, Salz, Rich <> wrote:
> since those other means would be easier and more effective. You
    have done nothing to suggest otherwise.

Public-key pinning and CT seem like they would prevent those other mechanisms.  No?

Remember that non-default, user-installed root certificates are exempted from those mechanisms in all current browsers.