Re: [TLS] TLS Impact on Network Security draft updated
Mark O <Mark.O@ncsc.gov.uk> Tue, 23 July 2019 20:27 UTC
Return-Path: <Mark.O@ncsc.gov.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18551120950 for <tls@ietfa.amsl.com>; Tue, 23 Jul 2019 13:27:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mwFdIEOylK9d for <tls@ietfa.amsl.com>; Tue, 23 Jul 2019 13:27:49 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110137.outbound.protection.outlook.com [40.107.11.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95BBA1203C2 for <tls@ietf.org>; Tue, 23 Jul 2019 13:27:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RAQz5U7+aURWAPyZaTsibCWh78J32+aaQUaW76XgCHmHFjglWP1QfD+tBnD86uIqtWS5nvZGbLYjdo/ARLkxZE2uAhnMckMI3drUvsApFMWOkKLiZwaNkO4WOdusuZQug1b+R3Dofr94+49NcMdXDjPDk/94JTpDo4FTfPmSZHc5lHLRPXQJCOPOYxrTWKXqoeBJMyZQRdHLBajTnc0it9/gckK/dUd3m/KovRALzl1v7dOUrj0vPPsrQnglPyDo3y0smnVPN/CY1ypOhkGx6QHy32MSn/w5WU6ggZL8VfnBYB9uIFu7weEkp8zHvHGMsOxxCw/rZLmR0vCHSjEKMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CdI4hfxYqBtHj10QTANto19cmYm2dSQc+jexa6gHiKE=; b=TpIOWHnuU2ryivtumcDFINCklonADWPd1DP2k7cC6TJoGdSO2OktPM9ap68vySzeg5CgNqpzoqU9UtF4y8+AYATBwcNXTH4DHPYwlpPZXK/jIFE66nQhLV8WyJxRGYu2dd7eh2pTD2bewNgju0zbGvg/7FDrqlAc42TOYstdhIw8VFYAPbxdX6hh1rpTC6/cXUuJmoPLVv5jx6Ii3NoW4clgyUFej7G8QvmIT+w3i2YUFlmHxaVXo/LWPC6Bvf4IFe6a6uWdToryR/kczpE58H1bum3b4g0g/H2R1s5ClECQPK6et/Z02hX+wtJY0qacjp1Xrn26MahNSM4Lv5rxcQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=ncsc.gov.uk;dmarc=pass action=none header.from=ncsc.gov.uk;dkim=pass header.d=ncsc.gov.uk;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CdI4hfxYqBtHj10QTANto19cmYm2dSQc+jexa6gHiKE=; b=MmAqfOrAFNsAq959cYbtXiqxjhrgxznvZE5GqfD1BKjxZQ66uLDI3ssUpkJLWs0MLzx2Ww5CmeP4DVfukZBwoIfqItHy4pPmIwuSr+CNFYQOtavEt5njErxdr93a/u86v2ceVA3bnQTwRCyUryTADD0s8j7vPoKycWVfxgga16w=
Received: from LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM (20.176.159.147) by LNXP123MB2252.GBRP123.PROD.OUTLOOK.COM (20.179.128.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Tue, 23 Jul 2019 20:27:46 +0000
Received: from LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM ([fe80::36:e9a5:cb51:4859]) by LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM ([fe80::36:e9a5:cb51:4859%5]) with mapi id 15.20.2094.013; Tue, 23 Jul 2019 20:27:46 +0000
From: Mark O <Mark.O@ncsc.gov.uk>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Re: [TLS] TLS Impact on Network Security draft updated
Thread-Index: AdVBlEsEpQQ4zuheRNyyIiMVYmF2vA==
Date: Tue, 23 Jul 2019 20:27:46 +0000
Message-ID: <LNXP123MB2570E01BA9FFF9412F565800D3C70@LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mark.O@ncsc.gov.uk;
x-originating-ip: [51.141.26.231]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: aaf8a0db-054a-47bb-f0f7-08d70fac3939
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:LNXP123MB2252;
x-ms-traffictypediagnostic: LNXP123MB2252:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <LNXP123MB225212511D0DF4CEF3908304D3C70@LNXP123MB2252.GBRP123.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0107098B6C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(396003)(39850400004)(136003)(346002)(376002)(199004)(189003)(54164003)(476003)(86362001)(2420400007)(6436002)(66066001)(8936002)(14454004)(2906002)(790700001)(66446008)(64756008)(2351001)(6116002)(5640700003)(3846002)(66556008)(66476007)(76116006)(66946007)(1730700003)(256004)(52536014)(26005)(15650500001)(486006)(606006)(81156014)(81166006)(316002)(5660300002)(14444005)(966005)(71200400001)(25786009)(71190400001)(53936002)(2501003)(74316002)(33656002)(8676002)(99286004)(102836004)(55236004)(7110500001)(186003)(53546011)(68736007)(7736002)(54896002)(6306002)(55016002)(7696005)(229853002)(6916009)(236005)(478600001)(6246003)(6506007)(9686003); DIR:OUT; SFP:1102; SCL:1; SRVR:LNXP123MB2252; H:LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: KfNTV3Br/qYo2AwPs+xwSVlPK+NnmztZNA9Xa/U13kami+yf5TUWqguazdqf/l4jJf8hCx067QQHck6O2kdrHfoMfH2qBGbLyCHS7xh6gi2XGFJQfSdtDyNCR9Q/845hf4aGQpS6e+Hld5bCykmbxKoGKG73mGCN+n13fAO3kuRJFFsqgIsZ09lGjLkIzpTLKLXHgRzRMJ9tfw56ioJ2KiW8lG/41xNoxx0z4MoKooDZppHd5Jfw1NTNkJFWCP7tEgYpUTsWxlnKHz64eNPGFz2ZF4Nef4f4Fr3V3RZpWda0i3NVQ0G/KMH/O2FDPJGXeIs9Po8ZP1rTQOCyERZHKBLx4YoRQbD3YZnqP/HYfjPRj+AUt/rDOkzZWQQGiwCGFZNJaT9mtQpztxADUiNDdBH+zp5DkeY1us38wM/MUpg=
Content-Type: multipart/alternative; boundary="_000_LNXP123MB2570E01BA9FFF9412F565800D3C70LNXP123MB2570GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: aaf8a0db-054a-47bb-f0f7-08d70fac3939
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2019 20:27:46.3995 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Mark38706@ncsc.gov.uk
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LNXP123MB2252
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T0Oe-80sTAYR-eH5zFmKXEN4h_0>
Subject: Re: [TLS] TLS Impact on Network Security draft updated
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 20:27:51 -0000
I don’t have a preference for whether this draft should become a working group item, or become an AD-sponsored or individual submission, but in any case it contains important additions to the security considerations of RFC 8446. The use-cases it details are real-life scenarios where the introduction of TLS 1.3 in place of 1.2 has an impact on the security of systems (according to the threat model outlined in RFC 3552 and the additional non-ComSec threats that have been identified subsequent to the publication of RFC 3552); therefore they should be accurately and publicly recorded. -- Mark On Sun, Jul 21, 2019 at 6:51 AM Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com><mailto:ncamwing@cisco.com%3e>; wrote: > Hi, > > Thanks to all the feedback provided, we have updated the > https://tools.ietf.org/html/draft-camwinget-tls-use-cases-04 > > draft. At this point, we believe the draft is stable and would like to > request its publication as an informational draft. > > > > Warm regards, > > Nancy > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org<mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk. All material is UK Crown Copyright ©
- [TLS] TLS Impact on Network Security draft updated Nancy Cam-Winget (ncamwing)
- Re: [TLS] TLS Impact on Network Security draft up… Eric Rescorla
- Re: [TLS] TLS Impact on Network Security draft up… Bret Jordan
- Re: [TLS] TLS Impact on Network Security draft up… Watson Ladd
- Re: [TLS] TLS Impact on Network Security draft up… Tony Arcieri
- Re: [TLS] TLS Impact on Network Security draft up… Viktor Dukhovni
- Re: [TLS] TLS Impact on Network Security draft up… Mark O
- Re: [TLS] TLS Impact on Network Security draft up… Ackermann, Michael
- Re: [TLS] TLS Impact on Network Security draft up… Flemming Andreasen
- Re: [TLS] TLS Impact on Network Security draft up… Sean Turner
- Re: [TLS] TLS Impact on Network Security draft up… Flemming Andreasen
- Re: [TLS] TLS Impact on Network Security draft up… Flemming Andreasen
- Re: [TLS] TLS Impact on Network Security draft up… Salz, Rich
- Re: [TLS] TLS Impact on Network Security draft up… Watson Ladd
- Re: [TLS] TLS Impact on Network Security draft up… Bret Jordan
- Re: [TLS] TLS Impact on Network Security draft up… Arnaud.Taddei.IETF
- Re: [TLS] TLS Impact on Network Security draft up… Ackermann, Michael
- Re: [TLS] TLS Impact on Network Security draft up… Dennis Jackson
- Re: [TLS] TLS Impact on Network Security draft up… Eric Rescorla
- Re: [TLS] TLS Impact on Network Security draft up… Filippo Valsorda
- Re: [TLS] TLS Impact on Network Security draft up… Bret Jordan
- Re: [TLS] TLS Impact on Network Security draft up… Watson Ladd
- Re: [TLS] TLS Impact on Network Security draft up… Dennis Jackson
- Re: [TLS] TLS Impact on Network Security draft up… Bret Jordan
- Re: [TLS] TLS Impact on Network Security draft up… Salz, Rich
- Re: [TLS] TLS Impact on Network Security draft up… Benjamin Kaduk
- Re: [TLS] TLS Impact on Network Security draft up… Ackermann, Michael
- Re: [TLS] TLS Impact on Network Security draft up… Watson Ladd
- Re: [TLS] TLS Impact on Network Security draft up… Dennis Jackson
- Re: [TLS] TLS Impact on Network Security draft up… Joseph Birr-Pixton
- Re: [TLS] TLS Impact on Network Security draft up… Benjamin Kaduk
- Re: [TLS] TLS Impact on Network Security draft up… Hubert Kario
- Re: [TLS] TLS Impact on Network Security draft up… Salz, Rich
- Re: [TLS] TLS Impact on Network Security draft up… Stephen Farrell
- [TLS] redirecting discussion (was Re: TLS Impact … Sean Turner
- Re: [TLS] TLS Impact on Network Security draft up… N6Ghost