Re: [TLS] chairs - please shutdown wiretapping discussion...
Colm MacCárthaigh <colm@allcosts.net> Mon, 10 July 2017 16:42 UTC
Return-Path: <colm@allcosts.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA8381317DA for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 09:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=allcosts-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1V3x_tfe8zK4 for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
Received: from mail-yw0-x22e.google.com (mail-yw0-x22e.google.com [IPv6:2607:f8b0:4002:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA29F1317D7 for <tls@ietf.org>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
Received: by mail-yw0-x22e.google.com with SMTP id v193so38148505ywg.2 for <tls@ietf.org>; Mon, 10 Jul 2017 09:42:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=allcosts-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JpCnTP4I++yxKyHC4OSIUNZL+P5qu39DdPapdwhveeM=; b=Xh9dyJ6RLpPeclzPs2Sgas0vbVMmPfGWtjmihiuxT9oZDdlRjffOOX/gcwVq6oxZNH e4iX9e66fyBmoUpN/3oV8NteYpUCnrTS4CQDVCsV64rov/xaquxdu9GzPtBtsJoxupTb 0B7ByQOER2BuKyBk378hN9Jw4JwA2abJOrYJ73sL2yOZYM2uksoKt9XywrJXUbO/G8s5 9XMRLaI295ci7oaeDKhmW8lKkTofjf2G1UXaZeAsA1cYHX//C8Uv5L5M1SsyVW6MYetH 8EwbKlF1s3Y/u/vA8FwgNtGxpH1M7G2Lxs4g5Ry2PkIqTncKohU6+CcAmzq+sCf/vXwX juog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JpCnTP4I++yxKyHC4OSIUNZL+P5qu39DdPapdwhveeM=; b=JVFe/pzlFGRQ91xza9XOQsM/gDYqgdoFG8cSn+uyjsC5dXHOAyFfH0zK2eF5uACUdj 0hV6JZfTCtYBZ/AfwBuJ1ITKjsYWnu4xpHTCC2o6QnMV/RGQ5ARbDljsbNIbbZIo4Y7J JrKs3MpeAbDuGZ5Zr+vGmM1OFuHI4JUfG2jnBzeVrjo7m4YZOMzhSztizeK6I+qE758J b3/WtwyC0L+qyfEAu1MgW/djaTMuWqdJ/tItLa5PbzzfJiYBB4wt61QxDtqMdT7G3IVV L3X2inxlICKSh7C63CgzObarbaXTrTrfD1ZJWGBjb726phjmG09VtAODVLN5mtodl0mZ 12Kg==
X-Gm-Message-State: AIVw112Jc9Ltu94CNe/rqRhnnU9JpeUa9uw1gprXYjd44OA514bJ1C44 y7gYACpbrn1UhHKQjSmhRd1J4PDWyQ2c
X-Received: by 10.129.189.17 with SMTP id b17mr1570339ywi.182.1499704934948; Mon, 10 Jul 2017 09:42:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.27.4 with HTTP; Mon, 10 Jul 2017 09:42:14 -0700 (PDT)
In-Reply-To: <1499699684.2933.20.camel@redhat.com>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <1499699684.2933.20.camel@redhat.com>
From: Colm MacCárthaigh <colm@allcosts.net>
Date: Mon, 10 Jul 2017 09:42:14 -0700
Message-ID: <CAAF6GDe1RBgPbh1y-sVdPkN5FWV6NFuYxOgZJEEvZr+0O4vcWg@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: "Polk, Tim (Fed)" <william.polk@nist.gov>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e08250514eacb1a0553f943cf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7PyoPrHFh5F2RPazCZ9lWpQ7JZQ>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 16:42:17 -0000
On Mon, Jul 10, 2017 at 8:14 AM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote: > Certainly, but that doesn't need to happen on this working group, nor > protocols which implement similar solutions need to be called TLS. > I'll belabor this point: rather than thinking about what these providers are owed, which is nothing, it is better to think about what is best for TLS overall. Selfishly, I have a strong preference to see TLS1.3 succeed and that within a matter of years, we no longer have to support TLS1.2 or earlier versions. If some networks and operators feel that they can't feasibly use TLS1.3, they're very likely to stay on the older versions. We could consider brinkmanship; and see who blinks first if we try to disable the older versions anyway, but that's a gambit that often makes hostages out of innocent users, and can end up serving to taint TLS1.3 with reliability issues and hold back its adoption. It's clear that there is a strong distaste here for the kind of MITM being talked about, and many wish not to give it any kind of stamp of approval within the standard; that that itself would also taint TLS1.3 with security concerns. Proxies are proposed as a work-around instead, as it avoids any changes to protocol. But this seems like cutting our noses off to spite our faces. Proxies tend to be always-on and render plaintext much more accessible than a tcpdump tap. Proxies are also inline, read-write, and subject to exploit in a worse way than a tcpdump tap (which can be network isolated). In real security terms, I absolutely buy that proxies would be worse for overall security and all of the properties that TLS is supposed to provide, in some environments. That would seem like a bizarre conclusion. -- Colm
- [TLS] chairs - please shutdown wiretapping discus… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yaron Sheffer
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Paul Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Tony Arcieri
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Dan Brown
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Polk, Tim (Fed)
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nikos Mavrogiannopoulos
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Colm MacCárthaigh
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Sean Turner
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Russ Housley
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Eric Mill
- Re: [TLS] chairs - please shutdown wiretapping di… Jeffrey Walton
- Re: [TLS] chairs - please shutdown wiretapping di… Watson Ladd
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ackermann, Michael
- Re: [TLS] chairs - please shutdown wiretapping di… Michael StJohns
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Christian Huitema
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Yoav Nir
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Nico Williams
- Re: [TLS] chairs - please shutdown wiretapping di… Bill Frantz
- Re: [TLS] chairs - please shutdown wiretapping di… Timothy Jackson
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Richard Barnes
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Ted Lemon
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Ilari Liusvaara
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kyle Rose
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell
- Re: [TLS] chairs - please shutdown wiretapping di… Kathleen Moriarty
- Re: [TLS] chairs - please shutdown wiretapping di… Stephen Farrell