Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Ackermann, Michael" <> Sun, 16 July 2017 10:38 UTC

It seems that us Enterprise folks have not been clear.  
Every Enterprise I know has invested HEAVILY in infrastructures that tap, transport and process terabytes of packet trace or .pcap data every day.      
This is huge and omnipresent in all large Enterprise environments.  
AND IT WORKS!   For a number of critical functions.  

The above is why Enterprises are interested in this issue and this Draft.  

I hope this is clear? 

-----Original Message-----
From: TLS [] On Behalf Of Stephen Farrell
Sent: Saturday, July 15, 2017 8:39 PM
To: Colm MacCárthaigh <>; Salz, Rich <>
Cc:; Matthew Green <>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01

On 15/07/17 23:55, Colm MacCárthaigh wrote:
> So far responses on the mailing list have been saying "Don't use pcap, 
> instead run proxies".
Sorry, but that is incorrect. Some list participants have said "we need pcap" and others have said that "no, we do not need to use packet capture." And others, myself included, consider that there is a dearth of evidence.

The only reason to point that out is that it's one amongst a pile of statements from the proponents of draft-green, that make assumptions that are pretty clearly counter-factual.

