Re: [TLS] datacenter TLS decryption as a three-party protocol

Kyle Rose <krose@krose.org> Wed, 19 July 2017 14:12 UTC

Return-Path: <krose@krose.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 245A7131CFA for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 07:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.739
X-Spam-Level:
X-Spam-Status: No, score=-1.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfj7MIuqf3b7 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 07:12:20 -0700 (PDT)
Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com [IPv6:2607:f8b0:400d:c0d::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 697EB131C93 for <tls@ietf.org>; Wed, 19 Jul 2017 07:12:20 -0700 (PDT)
Received: by mail-qt0-x22d.google.com with SMTP id m7so2393018qtm.4 for <tls@ietf.org>; Wed, 19 Jul 2017 07:12:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eD+HU8pAlm7uKzo2QLirD6nQURvGPXE5xIz47nb9xi8=; b=MwA8e6Qt1T3MOlwD2jwYz6qvLDJk/LMdLywWgQShsgz6lFnOZx/xVscDzKwfpq/CZu wLZldm8n9Y8G3X3IiogA2GgXnbGSXV7Y05TsUaCqfeyT/tPhJhRRoPy93OVXcvY0kpyT 81myX4SjSuff8tixT+e66dauj2XfG7TEkPmKc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eD+HU8pAlm7uKzo2QLirD6nQURvGPXE5xIz47nb9xi8=; b=e8/kCOvVu0kguk44Ccsut8TM0r6gFJxW4mDMpJA+gNqgbh+Bz9s00xjjK8YtcPSZiq eevDvdMT3IrUnW6EKPD5FXS3RMaH4ockn0KR3Rly3HkPm0oHJATLzduOadxvPlwAkWHc SzepBA4+irQO/TFgHaNPwjrt8tqBbKXsqcC/v8yK8+RIaR8y6LuD3YhbgJcNYxGLt8mA ffb3e+DERgHJAxRweCHTChxJaE74kUI7CsaLzsxquGFsCbRFLt4wKVhd9d/XeoSPlbsL zm+Ki5jv+oMe9kuQCls3nq+zow0xGK5ktUa9ER7veZao95m+u5zcPyaFFOE0DaYKSW4j 2X2A==
X-Gm-Message-State: AIVw113JEyM3FaD+1GFKq+MQ4zkXHYD+r+ersEIxXUmgAoNIkvaBS9M3 0Wp1b85OfjFqgaGiQv1zj2/Vp+IimvNa
X-Received: by 10.233.216.1 with SMTP id u1mr333561qkf.10.1500473539302; Wed, 19 Jul 2017 07:12:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.128.194 with HTTP; Wed, 19 Jul 2017 07:12:18 -0700 (PDT)
X-Originating-IP: [2001:67c:1232:144:dcb8:7855:d332:9475]
In-Reply-To: <CAPt1N1=FDGmAt2=Apyq++gF20BGV1GRyN9NMuGxjZOPGDU_MRQ@mail.gmail.com>
References: <81de2a21-610e-c2b3-d3ff-2fc598170369@akamai.com> <CAPt1N1mwYyTJVP1AyW0Zu3WBS6SCePAuR97-NQByTQh5Sg6eTA@mail.gmail.com> <CAJU8_nVfKi7iAFxTvVgYVd8G3V-mqMxMXE-03QoXxLSzMcmoHg@mail.gmail.com> <CAPt1N1=FDGmAt2=Apyq++gF20BGV1GRyN9NMuGxjZOPGDU_MRQ@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 19 Jul 2017 16:12:18 +0200
Message-ID: <CAJU8_nUdkvE4OOKgfQcCUq8j-VaSL-CTjFU8aWrjmBjvxojCbw@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Benjamin Kaduk <bkaduk@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c043d4e4e240d0554ac38f4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GxkM8WpX09j5UnL5VXXR2v66sM8>
Subject: Re: [TLS] datacenter TLS decryption as a three-party protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 14:12:22 -0000

On Wed, Jul 19, 2017 at 4:02 PM, Ted Lemon <mellon@fugue.com> wrote:

> Bear in mind that what we (or at least I) want out of not publishing a
> spec is that this technology not be present by default in TLS
> implementations.   If someone wants to maintain a set of patches, there's
> not much we can do about it, and I don't honestly care *because* there
> isn't much that we can do about it.   What I do not want to see is *the
> IETF* recommending this solution.
>
> It would be very nice if the people who are hot on a solution to this
> problem were willing to do the work to do the three-way protocol.   But the
> purpose of pointing out that that is the right solution is to say "if you
> want to solve this problem in the IETF, here is what we could do that might
> get IETF consensus."
>

Agreed. <req:newsletter-subscribe />