Re: [TLS] Industry Concerns about TLS 1.3

Tony Arcieri <bascule@gmail.com> Thu, 29 September 2016 00:37 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8F0D12B01C for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 17:37:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id avDoOTAzZJGb for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 17:37:06 -0700 (PDT)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AB2712B010 for <tls@ietf.org>; Wed, 28 Sep 2016 17:37:06 -0700 (PDT)
Received: by mail-vk0-x235.google.com with SMTP id y190so28886383vkd.3 for <tls@ietf.org>; Wed, 28 Sep 2016 17:37:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eBD9ECEwArMGOFP8l6sOvk/qrd7fOB8ZpcRf5AwAM1Y=; b=UFnMmbJ9xpZmjX98GFfKqA1yzuCse2VEJ3xRHrIlCAsc8rnnA2PZKWLk9ebHDMBmn5 EGDYgzM5PSTNDUSDE3g3unBqHXi7s3C2weDmVCMGcgvpy3yNEzNlWp/OvJrpJqk5ric5 x1syCT8eG4xR6uTcq2sdRA4qaUQ/sErXJJKP6+BmdgojTaNThQzCJ26BDtft2DGsaXoA lF6OEtZhgDEI8qYL2ZD5q+1z+3mwTjCZNxlsh+othNf4QhTgNhQwqO9sjKaywQp67sLV pfRKAgo/qqLhnQ6ZJz+rQAkVdvDiU6lFXzQPqTeXvP6eXSSyIb8F/Bniy/bAouUOctm0 5wzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eBD9ECEwArMGOFP8l6sOvk/qrd7fOB8ZpcRf5AwAM1Y=; b=b3qLTINeTvlbmydhMeq7Q9ygY9C3o7Yj1YnjG8MMS5U+bqcWXEF2kaEMcDykRQ3XK2 ZemmpCfOEQFMzXQ3IhSSFjshWC3cmHznAS2ovnLz6KOquCVN2pF09V+i9JuuGL+N7Pol EIiQcsuCkBzxS4/hmNLp78rej1gbPgnjc3HQluTzP8dON0Fv15hE9uSUNf5cpjVQQDT4 gxal/xzF6Oc8FcNKIT08whCvJiFu0pGUVvM6wTaJAIPK5MfcDIBnSy2bVyZzzMgJ9w6V JfAtNHznQ03s4ao01bGkjGPdlczRv391LDjrZCLib+LPfDQZyD9pUFteVY54fauVDuGM 8Liw==
X-Gm-Message-State: AA6/9RmZi6XLF1BgfKB8lTQ+VyXJBfq14G0/l/F2dOu1FMn1yQEyvjg14O1QDE10DsRSNwvD/mYjRlG0MuS4HA==
X-Received: by 10.31.69.81 with SMTP id s78mr1146761vka.47.1475109425673; Wed, 28 Sep 2016 17:37:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.153.195 with HTTP; Wed, 28 Sep 2016 17:36:44 -0700 (PDT)
In-Reply-To: <282ff05b-f013-7af8-2c44-64ee814323a9@nomountain.net>
References: <r470Ps-10116i-D1400872992D4A999C16CBD8D0E8C6D1@Williams-MacBook-Pro.local> <282ff05b-f013-7af8-2c44-64ee814323a9@nomountain.net>
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 28 Sep 2016 17:36:44 -0700
Message-ID: <CAHOTMV+0wbMC6FKRQ4tAwKf1SoisKEf1hAsNqTH9gQGRha44Zg@mail.gmail.com>
To: Melinda Shore <melinda.shore@nomountain.net>
Content-Type: multipart/alternative; boundary=001a114dbe68527c4a053d9aadc9
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3F8CEeA5U14N1V_mRzVHss-q25U>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 00:37:09 -0000

On Wed, Sep 28, 2016 at 4:27 PM, Melinda Shore <melinda.shore@nomountain.net
> wrote:

> We have poor participation and representation from
> enterprise networks.  So now we've got someone showing up from
> the enterprise space and saying "I have this problem related to
> protocol changes."  And yeah, he's very, very late in this
> process, although it's worth pointing out that it's in the best
> tradition of the IETF to deal with technical problems that crop
> up with documents at any point in their development.


"BITS Security" is representing *some* companies in the payments space,
namely these ones: http://fsroundtable.org/members/

Their concerns are not representative of "the enterprise", "the industry",
"the payments space", etc. In fact some of the companies in the
aforementioned link have personally contacted me to note they disagree with
"BITS Security". Even among their cabal, their opinion is contentious.

My personal opinion, as a security professional directly working on
implementing TLS for a payments company, is their last-minute proposed
changes would harm the security of our payments platform. I want to deploy
TLS 1.3 in its current form. I also think the reasoning for their proposed
changes is based on flawed premises.

There are relevant industry groups BITS Security seems actually concerned
with, such as the PCI Council. BITS Security should be voicing their
concerns there, and the PCI Council should be working with the IETF to
implement such changes if they're actually deemed necessary.

I do not think this is a case of the IETF failing to understand "industry
requirements". I strongly disagree the proposal represents "industry
requirements" at all. I think they are trying to subvert the IETF process
because they have inadequate security processes and they do not want to see
their inadequate processes disturbed by security improvements to TLS.

As a payments professional, my personal opinion is improving the security
of TLS is *paramount*. The voiced concerns are not representative of
"enterprise", "industry", or "payments" as a whole, but an last-minute
opinion of companies who haven't been paying attention to the process who
do not want to invest in upgrading their security practices.

The IETF is doing great work. This entire thread is a distraction, and I
hope it does not result in changes which weaken TLS 1.3's security.

-- 
Tony Arcieri