Re: [TLS] Industry Concerns about TLS 1.3

Watson Ladd <> Sun, 25 September 2016 21:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AF97812B03C for <>; Sun, 25 Sep 2016 14:35:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TXyEV9nus4pC for <>; Sun, 25 Sep 2016 14:35:02 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4A27812B03A for <>; Sun, 25 Sep 2016 14:35:01 -0700 (PDT)
Received: by with SMTP id 192so30436329vkl.2 for <>; Sun, 25 Sep 2016 14:35:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Tb5eZ3hUFhgBxt75UpLZCosdmpNl1E+Y9MY3SbYYHMA=; b=vfN9y+xNYgSlvU89FjupQtFF7FR224d/KKYFQxG0vzakqcGh/5OyBQR38s3Ew/bC7A rd0tkyfJvwNmnzqobSuG9jSFg9dEAD8Gh7bfvwuH/vOdZdQhgg0qcG5etKjcxBlQ82T/ CihVgxsfFbrZz2pe0uhoyeWBLqCBynF8gzNzK39D/28nnHR4N4ktj56VnKOhKCmKD4o/ cPKHxxrf4IBg6pXf50W1Jk5E8310lyvBTYRCCDpJtSSZ3D16JTnDtDGDhKu8R8oEzXQy rrzEdA/65TnKT8+/+Q1Cw3FLiAW9AG+bTSESv8AKkL9lCsF86QBnYXMrs7sgEp6cgJkY awbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Tb5eZ3hUFhgBxt75UpLZCosdmpNl1E+Y9MY3SbYYHMA=; b=JKuIO2ghz8kXh07bXooY3BtrLe0D3L+fJlHGVqw6ZYJWFjWx3Tlln2B28q53eWTbmk oKU+LRleo876AdxXM54pLJgXnHhBZwh4pZ9I7g7d19BIzi0IB+fE44LBaJHKZxXv8f1E WqF92/KbdJyaqaVm0uZ+ISvrkwTR4VG3XrqS6VC+ROiRRGmPXXVRCTXFJVGqFbIEFNCE PtT8eDNELsbV4YYwZQhj9QEOzfv0MyUH0btF82uGMqWjB46h0ccC4YbSvFd43H3N1dDK NX1UlBVvyGfHlWA4DAdRpI/qAdy/zGOElA2tKpKk7N5k9uEwAHLo/KgPAak/Zv+AE1b5 DfcA==
X-Gm-Message-State: AA6/9RlpolxuukSljk3kyd6QNHboUSsz2gLkIuNpUx+u5NYNJZbsAX+sCd+wRDo7LGfbhuMFUP9eWx9Bizcu3g==
X-Received: by with SMTP id r12mr5518868vkf.44.1474839300323; Sun, 25 Sep 2016 14:35:00 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Sun, 25 Sep 2016 14:34:59 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
From: Watson Ladd <>
Date: Sun, 25 Sep 2016 14:34:59 -0700
Message-ID: <>
To: "Ackermann, Michael" <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 25 Sep 2016 21:35:05 -0000

On Sun, Sep 25, 2016 at 2:20 PM, Ackermann, Michael
<> wrote:
> I understand your concern over what the nation-state actors are doing but it is not the same as what Enterprises do to manage their private servers, networks and clients.

It totally is. You record the traces, then use the private key to
decrypt them. The packets are stupid, they don't know the difference!

> Your final paragraph is quite a constructive question.   "What specifically would you have us do? What do you want in the protocol that enables your needs, but doesn't make it possible for everyone in the world to be surveilled?  Please, make some specific suggestions."
> My personal perspective would be, that the approach to achieving an answer to that important question, would start with:
> 1.  Gathering  protocol neutral requirements from all involved factions,  (with help and suggestions from people on the TLS list)

You know, you could have made those requirements known to us in this
email. How many months extra do you want us to take?

> 2.   Brainstorming session(s) with people on the TLS list as well potential users/operators, with objectives that include the design of a solution that meets (hopefully) all known requirements.

Let me point out that there was a rechartering debate in 2013 which
included lots of discussion about requirements, and about 16 drafts in
between then and now. What you want is to go back to the drawing board
because you weren't aware of what the IETF was discussing instead of
describing your requirements and what would meet them. Huge amounts of
protocol analysis will need to be redone as a result: might be good
for some people, but we're already far behind schedule and with lots
of unresolved issues.

> What I would like to see come out of the debate we seem to be currently involved in,  is the realization that significant operational/management  issues exist with TLS 1.3 and that the IETF is taking them seriously enough to at least begin dialogue intended to address these issues, and potentially work together to craft related solution(s).   In my view this issue is far too complex &  pervasive to believe that any one person or group's perspective would produce a viable overall solution.
> Again, let me restate,  I don't think anyone is saying that we MUST have RSA.    But, we, as the clients of the IETF TLS protocol, would like to work with you to assure we have workable, manageable  and affordable solutions,  that meets our needs as well as the needs of others.

You can use static ephemeral shares on the server side if you want. Is
that good enough? You can do what Brian Sniffen described above, and
you have 1.5 decades to shift or so.

> -----Original Message-----
> From: Salz, Rich []
> Sent: Saturday, September 24, 2016 10:10 PM
> To: Ackermann, Michael <>; Pawel Jakub Dawidek <>;
> Subject: RE: [TLS] Industry Concerns about TLS 1.3
>>   This lack of scope, depth and detail [in MITM infrastructures] are
>> what drove us to install the packet collection infrastructures
>> (debugging networks I think some are saying).
> At the risk of repeating myself and flogging this dead horse...  What you are doing is exactly what the nation-state actors are doing.  I bet that some even use that exact phrase of "packet collection infrastructure."
> I understand that if you want to use TLS 1.3, it is going to be expensive and/or inconvenient; you're going to have to educate regulators and get bespoke TLS endpoint solutions from vendors. Perhaps you can get the NSA's to stop collecting everyone's Internet traffic for future decoding?
> Less flippantly, what specifically would you have us do? What do you want in the protocol that enables your needs, but doesn't make it possible for everyone in the world to be surveilled?  Please, make some specific suggestions.
> The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
> _______________________________________________
> TLS mailing list

"Man is born free, but everywhere he is in chains".