Re: [TLS] TLS@IETF101 Agenda Posted
George Palmer <gl@bitwiseshift.net> Tue, 13 March 2018 17:30 UTC
From: George Palmer <gl@bitwiseshift.net>
In-Reply-To: <CABcZeBNpMekXPRYiLe3oGCjhuu3X+9zuLVnbiz1TnhymVWAMgQ@mail.gmail.com>
Date: Tue, 13 Mar 2018 17:30:44 +0000
Cc: nalini elkins <nalini.elkins@e-dco.com>, "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <0FE675D1-3300-418D-A5D6-A8A7344CB96A@bitwiseshift.net>
References: <6140B7A6-A1C7-44BC-9C65-9BE0D5E1B580@sn3rd.com> <986797a7-81b0-7874-5f39-afe83c86635b@cs.tcd.ie> <CAOgPGoBYc7O+qmjM-ptkRkE6mRsOYgc5O7Wu9pm3drFp3TVa6Q@mail.gmail.com> <d7dfdc1a-2c96-fd88-df1b-3167fe0f804b@cs.tcd.ie> <CAHbuEH7E8MhFcMt2GSngSrGxN=6bU6LD49foPC-mdoUZboH_0Q@mail.gmail.com> <1a024320-c674-6f75-ccc4-d27b75e3d017@nomountain.net> <2ed0gc.p5dcxd.31eoyz-qmf@mercury.scss.tcd.ie> <d7ec110f-2a0b-cf97-94a3-eeb5594d8c24@cs.tcd.ie> <CAAF6GDcaG7nousyQ6wotEg4dW8PFuXi=riH2702eZZn2fwfLQw@mail.gmail.com> <CAPsNn2XCNtqZaQM6Bg8uoMZRJE+qQakEwvw8Cn9fBm-5H+Xn_A@mail.gmail.com> <CABcZeBNpMekXPRYiLe3oGCjhuu3X+9zuLVnbiz1TnhymVWAMgQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7h02ZbcXjQmh4Q_k0aNDd-KUhys>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
+1

> On 13 Mar 2018, at 17:23, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> On Tue, Mar 13, 2018 at 8:58 AM, nalini elkins <nalini.elkins@e-dco.com> wrote:
>> Stephen (and TLS group)
>>
>> We need to look at the bigger picture.
>>
>> The TLS working group has been concentrating on making the Internet secure for the individual user. We feel that there is also an underlying motivation to help the underdog and protect the political dissident. These are all laudable goals.
>>
>> But, the Internet is much more than that. The Internet is the underpinnings of much of the business community which is utilized by consumers (end users). Making a change which makes businesses less secure because crucial functions cannot be done will lead to enormous chaos and disruption. Many businesses are likely to not want to adopt TLS1.3 or seek unique DIY type alternatives. In fact, we have already heard of some planning to block TLS 1.3 traffic just for this reason.
>
> As a break from the meta-discussion about whether this topic should be
> on the agenda, I'd like to make a technical point. There are two
> separate settings where TLS 1.3 makes inspection more difficult:
>
> 1. Cases where the inspecting entity controls the server and does
> passive inspection: TLS 1.3 mandates PFS and so designs
> which involve having a copy of the server's RSA key won't work
>
> 2. Cases where the inspecting entity controls the client and does
> MITM: TLS 1.3 encrypts the certificate and so conditional
> inspection based on the server cert doesn't work (though see [0]
> for some of the reasons this is problematic.)
>
> The two drafts under discussion here only apply to case #1 and not to
> case #2. However, for case #1, because you control the server, there's
> no need to look at blocking TLS 1.3, you merely need to not enable it
> on your server, so this framing is a bit confusing.
>
> -Ekr
>
> [0] https://www.imperialviolet.org/2018/03/10/tls13.html
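As an added illustration of the technical point Ekr makes in the quoted message (this is not part of the thread and not code from any participant or from the drafts under discussion), the Go program below uses the standard library crypto/tls package to run one fixed client against four server configurations over an in-memory pipe and report what each server ended up negotiating. Everything in it is constructed for the demo: the RSA certificate is self-signed and generated at runtime, the client skips verification because it only ever talks to that certificate, and the scenario labels ("tls13-default", "tls12-cap-static-rsa", and so on) are my own. It covers only case #1 (the server operator's side); it says nothing about case #2.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Result is what the server chose in one loopback handshake. ForwardSecret is
// false only when a copy of the server's long-term RSA key would let a passive
// observer decrypt the session (static RSA key exchange, TLS 1.2 and below).
type Result struct {
	Version       uint16
	Suite         string
	ForwardSecret bool
}

// selfSignedRSA makes a throw-away RSA server certificate in memory
// (constructed for this demo only) so the example runs offline.
func selfSignedRSA() (tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// Handshake runs a fixed client against server over an in-memory pipe. The
// client offers TLS 1.2 and 1.3 and, for 1.2, one ECDHE suite and one
// static-RSA suite; the server configuration decides what is actually used.
func Handshake(server *tls.Config) (Result, error) {
	client := &tls.Config{
		InsecureSkipVerify: true, // loopback demo against a self-signed cert
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_RSA_WITH_AES_128_GCM_SHA256},
	}
	// net.Pipe is synchronous: a session ticket that nobody reads would block
	// the server's write forever, so tickets are off for the demo.
	server.SessionTicketsDisabled = true
	c1, c2 := net.Pipe()
	defer func() { c1.Close(); c2.Close() }()
	srv, cli := tls.Server(c1, server), tls.Client(c2, client)
	errc := make(chan error, 1)
	go func() { errc <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return Result{}, err
	}
	if err := <-errc; err != nil {
		return Result{}, err
	}
	st := srv.ConnectionState()
	suite := tls.CipherSuiteName(st.CipherSuite)
	// TLS 1.3 suite names carry no key-exchange part: (EC)DHE is the only option.
	fs := st.Version == tls.VersionTLS13 || strings.Contains(suite, "ECDHE")
	return Result{st.Version, suite, fs}, nil
}

// Run compares the server configurations from the discussion: "tls12-cap" is
// Ekr's "merely don't enable TLS 1.3 on your server"; "static-rsa" lists only
// an RSA-key-exchange suite, the design that relies on a copy of the key.
func Run() (map[string]Result, error) {
	cert, err := selfSignedRSA()
	if err != nil {
		return nil, err
	}
	certs, rsaOnly := []tls.Certificate{cert}, []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}
	configs := map[string]*tls.Config{
		"tls13-default":           {Certificates: certs},
		"tls13-static-rsa-listed": {Certificates: certs, CipherSuites: rsaOnly},
		"tls12-cap-default":       {Certificates: certs, MaxVersion: tls.VersionTLS12},
		"tls12-cap-static-rsa":    {Certificates: certs, MaxVersion: tls.VersionTLS12, CipherSuites: rsaOnly},
	}
	out := map[string]Result{}
	for name, cfg := range configs {
		if out[name], err = Handshake(cfg); err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
	}
	return out, nil
}

func main() {
	results, err := Run()
	if err != nil {
		panic(err)
	}
	for name, r := range results {
		fmt.Printf("%-24s %#04x %-38s forward-secret=%v\n", name, r.Version, r.Suite, r.ForwardSecret)
	}
}
```

What the four rows show: with TLS 1.3 left enabled the server lands on an ephemeral (EC)DHE exchange even when its TLS 1.2 suite list names nothing but static RSA, because TLS 1.3 ignores that list and has no non-forward-secret option; that is the "copy of the server's RSA key" design from case #1 simply not applying. Capping MaxVersion at TLS 1.2 is the server-side choice Ekr describes, and with Go's defaults it still negotiates an ECDHE suite, so the only row a holder of the server key could decrypt is the one where the operator has both capped the version and restricted the suites to static RSA. Output order is Go map order.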