Re: [TLS] TLS@IETF101 Agenda Posted

"Salz, Rich" <rsalz@akamai.com> Thu, 15 March 2018 03:15 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: nalini elkins <nalini.elkins@e-dco.com>, Ryan Sleevi <ryan-ietftls@sleevi.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Date: Thu, 15 Mar 2018 03:15:00 +0000
Message-ID: <0A6E7350-33EA-4D3F-BBB2-31E80CB6833C@akamai.com>
In-Reply-To: <CAPsNn2VtozN6Udf3inQCE+Kixrac4pu1tT7kMJUxUmZBJ88rRA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/10m3mLwhPkJ7NxpwB3s9zioOqIs>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

  *   I think the core of the discussion is that no matter how many times I say that enterprises are trying to protect their customers, you do not consider that a valid use case.

Can you point to a section in the Fenter draft that shows how customers are being protected?  I could not find it.  I only found the following: “Ubiquitous packet capture and decryption are required for enterprise troubleshooting, and without this capability there will be high severity outages that cannot be solved in an acceptable time frame.” And throughout the rest of that document there is discussion about various types of operational debugging.  Can you show me where there is a “protect the customer” need, as opposed to “protecting the enterprise”?

In my experience, virtually no enterprise will allow TLS connections from the Internet to pass through their DMZ.  They terminate at an exterior firewall.  Are you aware of organizations that would, for example, allow a user or partner in front of a browser to open a TLS connection all the way back to an internal service endpoint?