Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 19 July 2017 18:06 UTC

Return-Path: <prvs=8373673639=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46AF4131B9B for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 11:06:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSHF1Cddcrai for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 11:06:14 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id 6821B12785F for <tls@ietf.org>; Wed, 19 Jul 2017 11:06:12 -0700 (PDT)
Received: from LLE2K10-HUB01.mitll.ad.local (LLE2K10-HUB01.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id v6JI6A1n018619; Wed, 19 Jul 2017 14:06:10 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Dobbins, Roland" <rdobbins@arbor.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] draft-green-tls-static-dh-in-tls13-01
Thread-Index: AQHS/ulwkltwWiCLAkez9/LKtukmkaJYpiSAgAAE/ICAAtZXgIAAGYoA//++zoCAAEWCAIAABMAA///DOoCAAFAQAP//vjeA
Date: Wed, 19 Jul 2017 18:06:09 +0000
Message-ID: <1CA52ED8-3119-41CD-AD51-EA5DC7B77ADD@ll.mit.edu>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAOjisRxxN9QjCqmDpkBOsEhEc7XCpM9Hk9QSSAO65XDPNegy0w@mail.gmail.com> <CABtrr-XbJMYQ+FTQQiSw2gmDVjnpuhgJb3GTWXvLkNewwuJmUg@mail.gmail.com> <72BACCE6-CCB9-4DE9-84E6-0F942E8C7093@gmail.com> <a0a7b2ed-8017-9a54-fec0-6156c31bbbfa@nomountain.net> <6AF150DF-D3C8-4A4A-9D56-617C56539A6E@arbor.net> <CAN2QdAGRTLyucM1-JPmDU17kQgAv0bPZNASh54v=XoCW+qj48A@mail.gmail.com> <CACsn0cnc0X5++cOvTNsboda8J42qg3VDquZ4Va-X-YDcggnbvA@mail.gmail.com> <7423703D-5277-4F78-A2ED-1B7E152E7B08@arbor.net> <CACsn0cmo0HXBj7MidTTwkgE+Hwed9SrEODSzN8oURzQHJTW1aQ@mail.gmail.com> <E5BF12C2-B79A-444B-B4C2-90D28B40CCAC@arbor.net> <CACsn0c=_OT8R6SSr0P3RvT7Qx+smfz1DAKjH9Gni+jM8Ue4v5A@mail.gmail.com> <CAAF6GDc9e9TGWVaOjdb83AFH=z2kt41Rje+r4Ureoc6KVgEUJg@mail.gmail.com> <B08F0D98-FAE9-494C-AA96-4CE89792B770@ll.mit.edu> <CAAF6GDdSnCggfsrSG68An348ngR+fcb+9nQcKvJJGFtxg8NzJw@mail.gmail.com> <FDC8499C-FA96-4992-B1F2-C90F6154856B@arbor.net> <9A49F3C7-DEC7-4FEA-9017-B48DAC1D1446@ll.mit.edu> <2FAFADF2-F791-406B-9519-EAB266AC2FCD@arbor.net>
In-Reply-To: <2FAFADF2-F791-406B-9519-EAB266AC2FCD@arbor.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.23.0.170610
x-originating-ip: [172.25.177.195]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3583317969_1020197046"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-19_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707190284
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9RnkIaZfEkpYhxwlc42-myKC1Sw>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 18:06:16 -0000

    > Or are you simply trying to delay the inevitable?
    
    I'm open to any solution which meets the stated requirements & is deployable & usable on real-world
    production networks, without necessitating a total redesign of said networks & the complete social
    reorganization of the entities in question. 
    
    ;>

It’s not the networks that need to be “totally redesigned”, but the mechanism to do surveillance. And only for some kinds of traffic (that uses TLS 1.3).
And we are not talking about “complete” “social reorganization” of the entities (if you mean endpoints) – most of them already carry all that’s necessary (and more) to perform surveillance from inside the endpoint.
    
    There's some very constructive discussion taking place now about the relative merits of various approaches, & I'm following it quite keenly. 

So am I. ;>
    
    -----------------------------------
    Roland Dobbins <rdobbins@arbor.net>;