Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Ackermann, Michael" <> Sat, 15 July 2017 16:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7916F127078 for <>; Sat, 15 Jul 2017 09:39:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.09
X-Spam-Status: No, score=-4.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)"
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mbGWFl0dknlL for <>; Sat, 15 Jul 2017 09:39:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 575E8124D37 for <>; Sat, 15 Jul 2017 09:39:09 -0700 (PDT)
Received: from (ZixVPM []) by (Proprietary) with SMTP id 57DCA1C191B for <>; Sat, 15 Jul 2017 11:39:09 -0500 (CDT)
Received: from (unknown []) by (Proprietary) with SMTP id 4E50D1C1905; Sat, 15 Jul 2017 11:39:08 -0500 (CDT)
Received: from (unknown []) by IMSVA (Postfix) with ESMTP id ECF2EFE054; Sat, 15 Jul 2017 12:39:07 -0400 (EDT)
Received: from (unknown []) by IMSVA (Postfix) with ESMTP id A9E67FE055; Sat, 15 Jul 2017 12:39:07 -0400 (EDT)
Received: from (unknown []) by (Postfix) with ESMTPS; Sat, 15 Jul 2017 12:39:07 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-bcbsm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XS0zFYhUOxUU6fsj44vJvWDlb8rXSof1mGRx7XcTKVM=; b=4ycCgIc9LeCJhzhA07T+JbnPMPwQ3amEUISbnrkKyYevVVQ5W+1/y5StbHqYUBQ9BpTltWWayYHGCh89jEpKjltg3z6O+b1gtJekLSczomTcfvwHCEq52+GM4KVgAOFR84+Ic9Mx4COUdxpt6vIvHOCd17HmDlBpyysJaniVirU=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1240.13; Sat, 15 Jul 2017 16:39:05 +0000
Received: from ([]) by ([]) with mapi id 15.01.1240.022; Sat, 15 Jul 2017 16:39:05 +0000
From: "Ackermann, Michael" <>
To: Ted Lemon <>
CC: "Dobbins, Roland" <>, IETF TLS <>, "Matthew Green" <>
Thread-Topic: [TLS] draft-green-tls-static-dh-in-tls13-01
Date: Sat, 15 Jul 2017 16:39:04 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-originating-ip: [2602:304:ce75:4b0:1414:401b:871e:f658]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR14MB1367; 20:4DzE/qV5NHCIMbn8kP4q44xtHCEe9WpBXM9y2TgMJDTkuLC1CXDsfxG2VfEULNGCnrayvsLAY6YRZLb8IgnvNxS21h1hzZqklVVXuesCLlVJexSI1wU2xngIPtBG8RRbrRBBieLC3NUtrovNLb1qPbtRzsj0e0LTcK5/teJZkcs=
x-ms-office365-filtering-correlation-id: 0f3ba92a-c211-4056-cf47-08d4cba001c1
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CY4PR14MB1367;
x-ms-traffictypediagnostic: CY4PR14MB1367:
x-exchange-antispam-report-test: UriScan:(151999592597050)(125551606395959)(72170088055959)(26388249023172)(236129657087228)(48057245064654)(148574349560750)(21748063052155)(86572411397741)(209349559609743);
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(2017060910075)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(6041248)(20161123564025)(20161123562025)(20161123560025)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR14MB1367; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR14MB1367;
x-forefront-prvs: 0369E8196C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39450400003)(39830400002)(39410400002)(39400400002)(377454003)(24454002)(76104003)(43784003)(345774005)(99286003)(7736002)(2906002)(2900100001)(38730400002)(93886004)(110136004)(6436002)(39060400002)(236005)(9686003)(55016002)(6306002)(54896002)(54906002)(2950100002)(6916009)(6246003)(229853002)(80792005)(72206003)(19609705001)(8676002)(81166006)(50986999)(53546010)(76176999)(14454004)(478600001)(54356999)(8936002)(6116002)(790700001)(102836003)(189998001)(86362001)(5660300001)(3660700001)(77096006)(3280700002)(33656002)(4326008)(6506006)(230783001)(53936002)(25786009)(7696004)(74316002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR14MB1367;; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR14MB1368A2ED677C83E02D10432ED7A20CY4PR14MB1368namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jul 2017 16:39:04.8892 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6f56d3fa-5682-4261-b169-bc0d615da17c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR14MB1367
X-VPM-GROUP-ID: 48ba760d-b317-4782-9ae7-4bf190bedf41
X-VPM-MSG-ID: b2568042-fcf6-4856-aa9a-f211cbbeb72b
Archived-At: <>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 15 Jul 2017 16:39:13 -0000

Thank you for your response which appears to be an objective attempt to

  1.  Understand what some of our issues are.
  2.  Try to suggest optimal solutions.   Both long and short term.

This type of positive/constructive attitude has been missing from the majority of the List exchanges on this topic.    I have found that frustrating.

I think the Enterprises involved want to find the best solutions possible and doing this proactively through IETF,  in as much a Standards based fashion as possible,  seems much better to us than waiting several years and then reacting with custom solutions,  as has occurred in the past.     I believe this is why Enterprises are making an attempt to work with IETF.      I hope the IETF wants this as well.

I have several responses to your suggestions below.   But rather than take up more list time and attempt to describe in writing some of the issues, I believe there would be with a couple of your suggestions,    I think it might be swifter and clearer to have you speak live (and draw pictures, etc.   ☺),  with a couple of the EDCO people.    I would gladly be one of these.

Just so you know where I personally come from.   I am a SPLUNK admin,  so I am a big Endpoint advocate.    However,  I know from this experience that Endpoint will NOT get us all that we need.      Hence my interest in this very important topic.

Please let me know what you think.

Thanks again


From: Ted Lemon []
Sent: Saturday, July 15, 2017 12:19 PM
To: Ackermann, Michael <>
Cc: Dobbins, Roland <>et>; IETF TLS <>rg>; Matthew Green <>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01

On Sat, Jul 15, 2017 at 5:36 PM, Ackermann, Michael <<>> wrote:
Your first sentence illustrates the disconnect between the Enterprise perspective and what many at IETF are saying.
That being the unencrypted stream is available to the endpoints.   IT IS NOT.     When you run a packet trace at the endpoint,  you will see encrypted payloads and will need the keys to decrypt.
So you can collect packet trace information at thousands or nodes,  or you can collect packet traces from network taps.   You still need the keys to derive meaningful diagnostic and monitoring information.

I agree that we have illustrated the disconnect here, in some sense.   However, from my perspective, what I see is that there is a problem: you need to be able to look inside the stream.   I think we agree that this is the problem.

There is a further problem: you have a set of tools that solves this problem in a particular way, and for the moment, you are stuck with those tools.   This is where I think the disconnect starts.   I am not disagreeing with you that, for the moment, you are stuck with these tools.m   But, I am disagreeing with you on the conclusion that this situation leads to.

To me, it leads to the conclusion that you need two things.   First, you need a plan for how to survive the situation you're stuck in right now.   Second, you need a plan for how you're going to approach this when next you upgrade your infrastructure.  If I were in your position, my plan for the first part would be to use TLS 1.2.   You already have what you want, and you control the endpoints.   If it ain't broke, why fix it?

What I think is urgent, though, is that you be planning for how you're going to handle this going forward.   There are a number of ways of doing it.   One way would be to keep an appropriately-scaled log of keys.  If you just need to look at active streams, it would be a rolling log, and your snooping device would, when asked to snoop a stream, get the key.   This is an improvement over TLS 1.2, because it increases accountability: you have to ask for a key to decrypt a particular conversation, so it is known that you decrypted that conversation.   Of course, if you are decrypting _every_ conversation, that's not so great.   Of course, key exfiltration is an attack surface, but so is the static key.   Better get that right.

The other thing you can do is to do proper tooling on your servers, so that you can access the raw stream.   This would require different tooling than you have now, but there's no technical barrier to doing it.

Now, it's possible that either of these solutions would be less secure than using a static key.   But I don't hear you arguing that.   You're still back on tactics: how do I do what I need to do with the tools I have.   The answer is, use TLS 1.2 until you upgrade.   Put the time in to shave off all the attack surfaces from your TLS 1.2 installations that TLS 1.3 shaves off--disable the deprecated algorithms, for example.  It's your site, you control the endpoints, this shouldn't be a problem.   But basically, just keep doing what you are doing for now.

Maybe this is a naive suggestion on my part, but what I haven't been hearing in this discussion is serious consideration of the tactical problem and the strategic problem.   What I've been hearing is "forget about strategy, we want tactics."

The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.