Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 22 October 2017 21:15 UTC

Return-Path: <prvs=14681568e5=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34DE913B56F for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 14:15:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zQjIOkCdOTSu for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 14:15:47 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id 348A813B56E for <tls@ietf.org>; Sun, 22 Oct 2017 14:15:46 -0700 (PDT)
Received: from LLE2K10-HUB02.mitll.ad.local (LLE2K10-HUB02.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id v9MLFjXR028516; Sun, 22 Oct 2017 17:15:45 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Steve Fenter <steven.fenter58@gmail.com>
CC: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
Thread-Index: AQHTO713gKFaj/ze3UaJfDxWNuaqP6LqPDwAgAFTKoCAAAWQgIAAANiAgAABFgCAAAA7gIAAAPWAgAADKICAAALZAIAABTaAgAACs4CAAAEIAIAABEYAgAAZuoCAAAV4gIAAVLoAgAD/VwCAACX8gIAABAIAgAAHdgCAAASKgIADZUkAgAAHkgA=
Date: Sun, 22 Oct 2017 21:15:43 +0000
Message-ID: <159BA7CB-06B7-4632-90C8-814492067219@ll.mit.edu>
References: <7E6C8F1F-D341-456B-9A48-79FA7FEC0BC1@gmail.com> <a599d6ad-54db-e525-17d6-6ea882880021@akamai.com> <71e75d23f4544735a9731c4ec3dc7048@venafi.com> <3D2E3E26-B2B9-4B04-9704-0BBEE2E2A8F7@akamai.com> <000501d348e5$1f273450$5d759cf0$@equio.com> <70837127-37AB-4132-9535-4A0EB072BA41@akamai.com> <e8417cc424fe4bf3b240416dfffd807a@venafi.com> <B11A4F30-2F87-4310-A2F0-397582E78E1D@akamai.com> <fd12a8a8c29e4c7f9e9192e1a1d972d6@venafi.com> <D2CAAA44-339E-4B41-BCE0-865C76B50E2F@akamai.com> <d76828f02fc34287a961eba21901247b@venafi.com> <56687FEC-508F-4457-83CC-7C379387240D@akamai.com> <c1c0d010293c449481f8751c3b85d6ae@venafi.com> <4167392E-07FB-46D5-9FBC-4773881BFD2C@akamai.com> <3d5a0c1aab3e4ceb85ff631f8365618f@venafi.com> <E84889BB-08B3-4A3A-AE3A-687874B16440@akamai.com> <CAPBBiVQvtQbD4j3ofpCmG63MEyRWF15VL90NOTjeNqUOiyo6xg@mail.gmail.com> <9013424B-4F6D-4185-9BFD-EC454FF80F22@akamai.com> <CY4PR14MB1368CBA562220D9A3604F0FFD7430@CY4PR14MB1368.namprd14.prod.outlook.com> <2741e833-c0d1-33ca-0ad3-b71122220bc5@cs.tcd.ie> <CY4PR14MB136835A3306DEEFCA89D3C2DD7430@CY4PR14MB1368.namprd14.prod.outlook.com> <31F5A73E-F37E-40D8-AA7D-8BB861692FED@akamai.com> <13592ABB-BA71-4DF9-BEE4-1E0C3ED50598@gmail.com>
In-Reply-To: <13592ABB-BA71-4DF9-BEE4-1E0C3ED50598@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Content-Type: multipart/signed; boundary="Apple-Mail-5520275E-E01E-4178-9920-492BDD3349F9"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-10-22_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1710220309
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Gl-bzzCjPFoN8Q4uz7MR21HXcFQ>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Oct 2017 21:15:49 -0000

First they have to go through this vulnerability search dance with TLS-1.1 and achieve a reasonably complete move to TLS-1.2.

Regards,
Uri

Sent from my iPhone

> On Oct 22, 2017, at 16:49, Steve Fenter <steven.fenter58@gmail.com>; wrote:
> 
> The main problem with not addressing the TLS visibility issue now is that no one knows when a vulnerability will be discovered in TLS 1.2 that forces enterprises to upgrade to TLS 1.3. We've had guarantees that TLS 1.2 and the RSA key exchange are going to be fine for 5 to 10 years, but nobody knows that, particularly in today's security environment. I've also learned that getting a solution in place through the IETF is a multi-year process, and then vendor adoption time has to be added on top of that.  Enterprises don't want to be caught in a position where a vulnerability is forcing us to upgrade, and we are starting at ground zero on a multi-year process to restore TLS visibility. We have to get out in front of this problem so we're not caught unprepared.
> 
> Sent from my iPad
> 
>> On Oct 20, 2017, at 11:57 AM, "Salz, Rich" <rsalz@akamai.com>; wrote:
>> 
>> 
>> 
>>   So it sounds like we are in agreement that continuing to use TLS 1.2 is not a viable long term  alternative.  
>> 
>> 
>> Long-term is a subjective term, and using it can lead to misunderstandings.
>> 
>> Based on current and previous actions around SSL and TLS versions, you can use TLS 1.2 for at least five, likely at least 10, years.
>> 
>> 
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls