Re: [TLS] Additional TLS 1.3 results from Chrome

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 19 December 2017 15:08 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52F74129C6C for <tls@ietfa.amsl.com>; Tue, 19 Dec 2017 07:08:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1hfPpjWfImN5 for <tls@ietfa.amsl.com>; Tue, 19 Dec 2017 07:08:34 -0800 (PST)
Received: from mail1.bemta8.messagelabs.com (mail1.bemta8.messagelabs.com [216.82.243.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 639821241FC for <tls@ietf.org>; Tue, 19 Dec 2017 07:08:34 -0800 (PST)
Received: from [216.82.242.36] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-6.bemta-8.messagelabs.com id CE/B0-03583-17B293A5; Tue, 19 Dec 2017 15:08:33 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTWUwTURSGe2em05FQM0xRjg2N2sQFtA1GiQU 10RdTH0x8UytRBx1ptS21UxTDg3WXVhRjUaxAwaCQYgUV41LRUKugRAQUY1xiCGAEJEQRxd2O U1zevnv+P+c/d6NwZohUUlyug7NbWbOajCGeTrlcp7HNSjOkBL/M1gVHUnXVA60y3c/6fEJ3o uGJTPf+oQstluqPhctx/SlnO6EPuDtJfWXlZ0x/rHs/vkJqkJqsmdm566XGls4DMtvxhbnBwB 7SifzpLhRDEfQQBtfDvYSwYGgPBlWu29FFGMFXd6vMhcZRJJ0CTxqaMEGIp4sRtJ73kIKA01N hqKOMEFhBp0H96BskcDydDtdKG6O8FArquiONqEjeNCi7NFsoy+kMqG/yy8Swrwg+7n0sFYRx 9CLwFOzDBUb0RPh0/xwmZiXAsx7fbwY6HrraW0iRJ0Bf9w+p6M+A0uFQtK6G54FRJLIKOnxuJ IQBHZLBjX5/VNDC5aODUV4Oh/xuQjSdRdBeECREIRlOf2rAhR0AvQW++7ix8sGwFxP9t3Go6T 0hEz2J8Kp0nuipkUJz22aBGXojePzicApaCS8f56NClOT9Z28i+xD8bNN4fx9SHNw72UOI9WQ oCvRHeTJcGSzBRV4AxV8aSW/0PjzuLpnIqTBw5x0qR5QfzeQ5+zbOrpmXqs20m7KMDgtrMmvm pOi0Fo7n2SzOzGby2g3Zloso8ux2SiToKvoRXhNCkyhMPUH+wKMzMOMzszfuMLK8cZ09x8zxI ZRIUWqQ+5LTDEycncvicjeZzJG3OyYDFauOlx9Jishy3sZaeFOWKN1Hc6mShmffMOr1yQEnzh DWbCunTJBbhU60YDXmWP80GvsHHUilVMiRRCJhYm2c3WJy/K/3owQKqRXyXUKXWJPV8SevPzI KFhmlaNV8YRQH+1dSOlGGtzmwwVagqB4gY6aZy9uGzUseNRs96wqLklQzbvadW1aaVN6jqV1Z eF4/4sZfGGqDzKwzj1KrFtvuqSpXt6vXdt5Kqz6cx+QkmLe/2JrxqqlCeiFu0ceWD3OdnX7Xo LIk1FXRqC+GMu3yDyOXVMfzFr6dztac2j04pcqB7u6fqSZ4IzsnGbfz7C/Me3KDAgQAAA==
X-Env-Sender: tim.hollebeek@digicert.com
X-Msg-Ref: server-8.tower-94.messagelabs.com!1513696111!202019311!1
X-Originating-IP: [216.32.181.176]
X-StarScan-Received:
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 32113 invoked from network); 19 Dec 2017 15:08:32 -0000
Received: from mail-by2nam01lp0176.outbound.protection.outlook.com (HELO NAM01-BY2-obe.outbound.protection.outlook.com) (216.32.181.176) by server-8.tower-94.messagelabs.com with AES256-SHA256 encrypted SMTP; 19 Dec 2017 15:08:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3NaN9odGAZO0au7pD3fdt90dWAg0a7HdUDrq5ur9DsQ=; b=eqwX2K4qp+xdozDfOO4cpkkb6m3A9KiRizzQzAgN9B/5ayzGBXyD0AiQvCmnxqAwELW4eGlDkgH9hhHdC/PPNB2skAcGVMkZ+cLj+TPLgjjtTVtkD1wBCF+4Gi3DdL1i1qRsehuaam57dToK6MoQBy7FaPrQZqTCgOdehza/cs4=
Received: from DM5PR14MB1289.namprd14.prod.outlook.com (10.173.132.19) by DM5PR14MB1291.namprd14.prod.outlook.com (10.173.132.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.323.15; Tue, 19 Dec 2017 15:08:30 +0000
Received: from DM5PR14MB1289.namprd14.prod.outlook.com ([10.173.132.19]) by DM5PR14MB1289.namprd14.prod.outlook.com ([10.173.132.19]) with mapi id 15.20.0323.018; Tue, 19 Dec 2017 15:08:30 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Salz, Rich" <rsalz@akamai.com>, Eric Rescorla <ekr@rtfm.com>, David Benjamin <davidben@chromium.org>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Additional TLS 1.3 results from Chrome
Thread-Index: AQHTeDdnoK0wVwYZnkmqGWUHphtSUKNJlvsAgABSngCAALp9AIAAIE+Q
Date: Tue, 19 Dec 2017 15:08:30 +0000
Message-ID: <DM5PR14MB12890EA07E2BE7A61AE94729830F0@DM5PR14MB1289.namprd14.prod.outlook.com>
References: <CAF8qwaA4su2j-Lh9XRcLbT_Tysg9H24ys=TCC=Rd1bvrFNds7A@mail.gmail.com> <CABcZeBN9ABRSY76NWfqy5QouVE9BJR78nwExNGe-bXsnn1GkmA@mail.gmail.com> <68370EF8-8F21-435C-98F0-D621D142C629@akamai.com> <2da50a0b-4b28-35fc-fe32-44a4afff9f4f@cs.tcd.ie>
In-Reply-To: <2da50a0b-4b28-35fc-fe32-44a4afff9f4f@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [74.111.107.128]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR14MB1291; 6:Tkd2goENRiNksClMMClKfa1QrdM/Xl83WF6tgPVYzi1jjZKaPN4rRkAOg9n+LNIqTaXaxmscTxCj9h6jnlQhHEkWtcuP+ZUI0QSWfp9k6M7d0+jS7mD7/V5Ga0lWjzdboSMu+6Xx+PAlczCHI6AKrenSzoh3nrYp544s+6LdGJ2HZbQYh9mqsw8H6YUAoRgTTTj7r+FBBZ/Z5ku4V8YQbmaBCWrDR/mCnHI6zLLke4tL1BY+mXSSs8GUDceD93tuA4pwbBX4nEys/GydvBMUBMW3Z8YB/NRkx2UBDwS6zZQ5ixwRroi+Jio/3qNEQfdqTmYViIb7mh74I8r7Uxj6K15cbw/8nDCA5FM6bd7hvw4=; 5:PBURUfAy9s1uHRcPeBHiGkxDm3AL4kPIDzbJYVM9QWVLKkenW6V9UBQYXmZcLezibgHnnI8g1+UGGWPln07b+uWWAIqPbSse7nuiJlR8CNxFa+4QrvFhGlWEWo6zF8e0Dmn79pTN6mMdfHvhSI2OqLt5d8o8UZ9/jlVVWwt9/fs=; 24:VeA0fr4F3dAtAyN4byh1fI+4mt0nl7sTvxv3lCICX4VQBrwpn56gMQeatu3fSOeIl1kmxwwZYEODhLyq6qS+LgJvdAK96T1dIsXpuusZeVY=; 7:klGBXqHbAcgkp4jBgQBiLmnBuKy9UG0ry4ph21GyWz0TXHhY5ZykKK3B4gjxdZmN+5RkdbigXYZeGU7tqPSVDm0SVXnV0wQS3fVflizZ2KMkp2T1KEzSRak4NMn3wCgNrYvp0BE5cv5sd63rADMGBpRLSciODnkdJqUNxQqgARjQHiwjzhtJGaLgla8usR21P1hD4eLZvSjLs2wCcpbmu7hZWQvbnK5zPOgzKxLsbYr2pQI2nDD++m+HxOxcfE11
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 2d7e231f-bc19-497f-c53e-08d546f25d7c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4603075)(4627115)(201702281549075)(2017052603307)(49563074); SRVR:DM5PR14MB1291;
x-ms-traffictypediagnostic: DM5PR14MB1291:
x-microsoft-antispam-prvs: <DM5PR14MB12912B9222CCC304055A5AB1830F0@DM5PR14MB1291.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231023)(3002001)(6041248)(20161123562025)(20161123564025)(2016111802025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123558100)(20161123560025)(6072148)(6043046)(201708071742011); SRVR:DM5PR14MB1291; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:DM5PR14MB1291;
x-forefront-prvs: 052670E5A4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(346002)(376002)(39860400002)(366004)(189003)(199004)(2950100002)(6506007)(8676002)(81156014)(7696005)(59450400001)(93886005)(106356001)(76176011)(66066001)(86362001)(8936002)(102836003)(6116002)(3846002)(3280700002)(316002)(110136005)(5660300001)(3660700001)(7736002)(99936001)(6436002)(6246003)(305945005)(74316002)(81166006)(2906002)(9686003)(4326008)(229853002)(478600001)(2900100001)(99286004)(77096006)(25786009)(105586002)(97736004)(53936002)(68736007)(55016002)(14454004)(33656002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR14MB1291; H:DM5PR14MB1289.namprd14.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_05E1_01D378A0.8A598760"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d7e231f-bc19-497f-c53e-08d546f25d7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2017 15:08:30.6187 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR14MB1291
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3TwVWkUZRwUL8BxD0K-XinT8aFw>
Subject: Re: [TLS] Additional TLS 1.3 results from Chrome
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2017 15:08:36 -0000

> I'm not sure I agree renumbering is the right reaction, though I don't 
> object to
> that. This could be a case where it's overall better that those specific 
> devices
> suffer breakage, and hopefully then do get firmware updated to support
> TLS1.3 or TLS-without-extended-random-or-dual-ec
> at some point.

It's never better to break large numbers of things, if it can be avoided at 
low
cost.  The reaction isn't going to be "TLS 1.3 broke my printer, it's time to
upgrade my firmware.", it's going to be "TLS 1.3 broke my printer, which was
working perfectly fine.  TLS 1.3 is bad.  I wonder what else they got wrong.
People shouldn't use TLS 1.3."

-Tim