Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

"Salz, Rich" <rsalz@akamai.com> Tue, 24 October 2017 21:29 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Ralph Droms <rdroms.ietf@gmail.com>
CC: "David A. Cooper" <david.cooper@nist.gov>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 24 Oct 2017 21:28:54 +0000
Message-ID: <9C46A5C1-27B8-45C0-A8E5-AA713597C7A9@akamai.com>
References: <cde0e322-797c-56e8-8c8d-655248ed7974@nist.gov> <FB95CAC8-C967-4724-90FB-B7E609DADF45@akamai.com> <8A5E441B-90B7-4DF4-BD45-7A33C165691B@gmail.com> <3BA34D7B-BB04-4A1F-B18A-B0AC25402C4B@gmail.com> <0f9073f5-271b-a741-1a1e-f20ebc506d61@nist.gov> <BC5ABCF3-E36D-47B0-8D9B-D554B29359CF@fugue.com> <88AB2AEF-D780-4A29-B9AE-6096CEBF2F7F@fugue.com> <fa2b0ed8-2688-682c-de95-4c3a6d7921a4@nist.gov> <DF6E4D08-B27F-4785-A8FC-D6A90F7A8096@fugue.com> <BC309B0A-6554-4C8F-8A73-A4607CC6EC43@gmail.com>
In-Reply-To: <BC309B0A-6554-4C8F-8A73-A4607CC6EC43@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9W2WQxfJdJUp08UOgg0RFxIMiSM>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

>  Enterprise network operators say that deploying these devices to provide the same visibility as the visibility extension would, at best, be highly complicated and expensive, if not altogether impossible.

Based on the contacts you’ve had, what’s their cost estimate for modifying the servers and monitoring infrastructure?  Zero?  Thousands per device?  Based on the contacts you’ve had, how does the cost of modifications to support *this* draft compare to the cost of modifying the server and monitoring infrastructure to report and use negotiated PFS session keys?

And hey, you’re an author.  Does your draft allow an intermediate such as a firewall to modify the traffic that passes through?