Re: [TLS] TLS Impact on Network Security draft updated

Mark O <Mark.O@ncsc.gov.uk> Tue, 23 July 2019 20:27 UTC

Return-Path: <Mark.O@ncsc.gov.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18551120950 for <tls@ietfa.amsl.com>; Tue, 23 Jul 2019 13:27:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mwFdIEOylK9d for <tls@ietfa.amsl.com>; Tue, 23 Jul 2019 13:27:49 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110137.outbound.protection.outlook.com [40.107.11.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95BBA1203C2 for <tls@ietf.org>; Tue, 23 Jul 2019 13:27:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RAQz5U7+aURWAPyZaTsibCWh78J32+aaQUaW76XgCHmHFjglWP1QfD+tBnD86uIqtWS5nvZGbLYjdo/ARLkxZE2uAhnMckMI3drUvsApFMWOkKLiZwaNkO4WOdusuZQug1b+R3Dofr94+49NcMdXDjPDk/94JTpDo4FTfPmSZHc5lHLRPXQJCOPOYxrTWKXqoeBJMyZQRdHLBajTnc0it9/gckK/dUd3m/KovRALzl1v7dOUrj0vPPsrQnglPyDo3y0smnVPN/CY1ypOhkGx6QHy32MSn/w5WU6ggZL8VfnBYB9uIFu7weEkp8zHvHGMsOxxCw/rZLmR0vCHSjEKMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CdI4hfxYqBtHj10QTANto19cmYm2dSQc+jexa6gHiKE=; b=TpIOWHnuU2ryivtumcDFINCklonADWPd1DP2k7cC6TJoGdSO2OktPM9ap68vySzeg5CgNqpzoqU9UtF4y8+AYATBwcNXTH4DHPYwlpPZXK/jIFE66nQhLV8WyJxRGYu2dd7eh2pTD2bewNgju0zbGvg/7FDrqlAc42TOYstdhIw8VFYAPbxdX6hh1rpTC6/cXUuJmoPLVv5jx6Ii3NoW4clgyUFej7G8QvmIT+w3i2YUFlmHxaVXo/LWPC6Bvf4IFe6a6uWdToryR/kczpE58H1bum3b4g0g/H2R1s5ClECQPK6et/Z02hX+wtJY0qacjp1Xrn26MahNSM4Lv5rxcQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=ncsc.gov.uk;dmarc=pass action=none header.from=ncsc.gov.uk;dkim=pass header.d=ncsc.gov.uk;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CdI4hfxYqBtHj10QTANto19cmYm2dSQc+jexa6gHiKE=; b=MmAqfOrAFNsAq959cYbtXiqxjhrgxznvZE5GqfD1BKjxZQ66uLDI3ssUpkJLWs0MLzx2Ww5CmeP4DVfukZBwoIfqItHy4pPmIwuSr+CNFYQOtavEt5njErxdr93a/u86v2ceVA3bnQTwRCyUryTADD0s8j7vPoKycWVfxgga16w=
Received: from LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM (20.176.159.147) by LNXP123MB2252.GBRP123.PROD.OUTLOOK.COM (20.179.128.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Tue, 23 Jul 2019 20:27:46 +0000
Received: from LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM ([fe80::36:e9a5:cb51:4859]) by LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM ([fe80::36:e9a5:cb51:4859%5]) with mapi id 15.20.2094.013; Tue, 23 Jul 2019 20:27:46 +0000
From: Mark O <Mark.O@ncsc.gov.uk>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Re: [TLS] TLS Impact on Network Security draft updated
Thread-Index: AdVBlEsEpQQ4zuheRNyyIiMVYmF2vA==
Date: Tue, 23 Jul 2019 20:27:46 +0000
Message-ID: <LNXP123MB2570E01BA9FFF9412F565800D3C70@LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mark.O@ncsc.gov.uk;
x-originating-ip: [51.141.26.231]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: aaf8a0db-054a-47bb-f0f7-08d70fac3939
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:LNXP123MB2252;
x-ms-traffictypediagnostic: LNXP123MB2252:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <LNXP123MB225212511D0DF4CEF3908304D3C70@LNXP123MB2252.GBRP123.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0107098B6C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(396003)(39850400004)(136003)(346002)(376002)(199004)(189003)(54164003)(476003)(86362001)(2420400007)(6436002)(66066001)(8936002)(14454004)(2906002)(790700001)(66446008)(64756008)(2351001)(6116002)(5640700003)(3846002)(66556008)(66476007)(76116006)(66946007)(1730700003)(256004)(52536014)(26005)(15650500001)(486006)(606006)(81156014)(81166006)(316002)(5660300002)(14444005)(966005)(71200400001)(25786009)(71190400001)(53936002)(2501003)(74316002)(33656002)(8676002)(99286004)(102836004)(55236004)(7110500001)(186003)(53546011)(68736007)(7736002)(54896002)(6306002)(55016002)(7696005)(229853002)(6916009)(236005)(478600001)(6246003)(6506007)(9686003); DIR:OUT; SFP:1102; SCL:1; SRVR:LNXP123MB2252; H:LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: KfNTV3Br/qYo2AwPs+xwSVlPK+NnmztZNA9Xa/U13kami+yf5TUWqguazdqf/l4jJf8hCx067QQHck6O2kdrHfoMfH2qBGbLyCHS7xh6gi2XGFJQfSdtDyNCR9Q/845hf4aGQpS6e+Hld5bCykmbxKoGKG73mGCN+n13fAO3kuRJFFsqgIsZ09lGjLkIzpTLKLXHgRzRMJ9tfw56ioJ2KiW8lG/41xNoxx0z4MoKooDZppHd5Jfw1NTNkJFWCP7tEgYpUTsWxlnKHz64eNPGFz2ZF4Nef4f4Fr3V3RZpWda0i3NVQ0G/KMH/O2FDPJGXeIs9Po8ZP1rTQOCyERZHKBLx4YoRQbD3YZnqP/HYfjPRj+AUt/rDOkzZWQQGiwCGFZNJaT9mtQpztxADUiNDdBH+zp5DkeY1us38wM/MUpg=
Content-Type: multipart/alternative; boundary="_000_LNXP123MB2570E01BA9FFF9412F565800D3C70LNXP123MB2570GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: aaf8a0db-054a-47bb-f0f7-08d70fac3939
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2019 20:27:46.3995 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Mark38706@ncsc.gov.uk
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LNXP123MB2252
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T0Oe-80sTAYR-eH5zFmKXEN4h_0>
Subject: Re: [TLS] TLS Impact on Network Security draft updated
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 20:27:51 -0000

I don’t have a preference for whether this draft should become a working group item, or become an AD-sponsored or individual submission​, but in any case it contains important additions to the security considerations of RFC 8446. The use-cases it details are real-life scenarios where the introduction of TLS 1.3 in place of 1.2 has an impact on the security of systems (according to the threat model outlined in RFC 3552 and the additional non-ComSec threats that have been identified subsequent to the publication of RFC 3552); therefore they should be accurately and publicly recorded.

-- Mark



On Sun, Jul 21, 2019 at 6:51 AM Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com><mailto:ncamwing@cisco.com%3e>; wrote:



> Hi,

>

> Thanks to all the feedback provided, we have updated the

> https://tools.ietf.org/html/draft-camwinget-tls-use-cases-04

>

> draft.  At this point, we believe the draft is stable and would like to

> request its publication as an informational draft.

>

>

>

> Warm regards,

>

>     Nancy

>

>

>

>

> _______________________________________________

> TLS mailing list

> TLS@ietf.org<mailto:TLS@ietf.org>

> https://www.ietf.org/mailman/listinfo/tls






This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk. All material is UK Crown Copyright ©