Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Ted Lemon <mellon@fugue.com> Mon, 23 October 2017 16:38 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <5BC836DD-9FDB-4C13-8916-902EDBA83A1D@fugue.com>
Date: Mon, 23 Oct 2017 12:38:12 -0400
In-Reply-To: <90235494-D1CA-4ABF-9AAC-4F8252927DCB@gmail.com>
Cc: IETF TLS <tls@ietf.org>
To: Ralph Droms <rdroms.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F9hlWgaGPDpXSRJbUcnXEpyI7Jg>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Oct 23, 2017, at 12:25 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote:
> Is there running code that demonstrates the IPsec+IKE can be deployed and operated at scale in the sort of environment the enterprise network tips have described to us?

Is there running code that demonstrates that draft-rhrd-tls-tls13-visibility-00 can be deployed and operated at scale? :)

In fact, when I went looking at the state of the art for IKE/IPsec after our conversation in Prague, I was pleasantly surprised at how usable it is. I don't know if it currently scales up as you suggest, but it certainly can in principle. This is why I'm suggesting that resources be spent doing that, rather than in limiting the ability of TLS 1.3 to address its use case, which is a different use case.