Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Wartan Hachaturow <wartan.hachaturow@gmail.com> Sun, 16 July 2017 09:45 UTC

Date: Sun, 16 Jul 2017 12:44:04 +0300
From: Wartan Hachaturow <wartan.hachaturow@gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: "Dobbins, Roland" <rdobbins@arbor.net>, Matthew Green <matthewdgreen@gmail.com>, IETF TLS <tls@ietf.org>
Message-ID: <20170716094404.sybnpu24l22uuaxb@minsvyaz.ru>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAL02cgRJeauV9NQ2OrGK1ocQtg-M2tbWm2+5HUc4-Wc8KC3vxQ@mail.gmail.com> <71E07F32-230F-447C-B85B-9B3B4146D386@vigilsec.com> <39bad3e9-2e17-30f6-48a7-a035d449dce7@cs.tcd.ie> <CAJU8_nXBFkpncFDy4QFnd6hFpC7oOZn-F1-EuBC2vk3Y6QKq3A@mail.gmail.com> <f0554055-cdd3-a78c-8ab1-e84f9b624fda@cs.tcd.ie> <A0BEC2E3-8CF5-433D-BA77-E8474A2C922A@vigilsec.com> <87k23arzac.fsf@fifthhorseman.net> <D37DF005-4C6E-4EA8-9D9D-6016A04DF69E@arbor.net> <871spirljc.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <871spirljc.fsf@fifthhorseman.net>
User-Agent: NeoMutt/20170609 (1.8.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8JLfUCJyHMnEaxmO-1WeinZCsUU>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01

On Sat, Jul 15, 2017 at 01:23:35PM +0200, Daniel Kahn Gillmor wrote:

> > Not to mention the security & troubleshooting applications which
> > require insight into the cryptostream on the wire.
> 
> I asked for examples of regulations that specifically require plaintext
> from the network.

Some countries have got that kind of requirement in the lawful
interception context, in the sense that monitoring is explicitly
required to be fully passive. However, this mostly means "network
equipment that supports some kind of encryption on the link should
be able to pass the traffic in plaintext for monitoring purposes".

-- 
Regards, Wartan.