Re: [TLS] Rethink TLS 1.3

Peter Gutmann <> Sun, 30 November 2014 10:18 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id CCA591A0025 for <>; Sun, 30 Nov 2014 02:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id n9OXxzBtxKXO for <>; Sun, 30 Nov 2014 02:18:14 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4706A1A0018 for <>; Sun, 30 Nov 2014 02:18:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=uoa; t=1417342696; x=1448878696; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=qaOsDHSLW2mbG2NwnpB7n9Bl4Gj/9xoD58+yKFsawis=; b=C+asbomM2ckqTJDrE0rJMBot20jtCXXeR3/IEw4I+tBHOn3LaQe4DkBF /cg/aOnWitUQXHoDWLdG7ZDXWN12kUg2/Vc1J4pu14Vy7PmV6eYGinNk+ cYLon1BNDZUpPEfO04pXJ2yjW4kRPdVZBb5/tjX/NI9ueNYSlEJBNTImZ 8=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="293897965"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES256-SHA; 30 Nov 2014 23:18:14 +1300
Received: from ([]) by ([]) with mapi id 14.03.0174.001; Sun, 30 Nov 2014 23:18:12 +1300
From: Peter Gutmann <>
To: "<>" <>
Thread-Topic: [TLS] Rethink TLS 1.3
Thread-Index: AdAMhvG8ymSj6ixETIW55pXOIHHnfg==
Date: Sun, 30 Nov 2014 10:18:11 +0000
Message-ID: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] Rethink TLS 1.3
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 30 Nov 2014 10:18:16 -0000

Nico Williams <> writes:

>That's changing the subject.  

It's not changing the subject, which as far as I was aware was "do we have a
threat model to evaluate TLS 1.3 against?".

>Where have I argued that the web security mode is great or even permitted by
>the Internet threat model.

What's the web security mode?  What's the Internet threat model (if it isn't
the Strawman Model I mentioned earlier), and why does it permit or not permit

>The web security model is... unlike anything produced by the IETF, and it
>wasn't produced by the IETF.  It's an alien as far as we're concerned here.

Given that HTTP 2.0 and to a lesser extent TLS 1.3 are being designed as if
the only thing that mattered is web browsers, they had better be useful with
or for or in the web security model, whatever that is.

What I want is a realistic, real-world threat model against which to evaluate
TLS 1.3.  Without a way to evaluate whether TLS 1.3 is fit for purpose, we're
just, to quote Linus, "a bunch of people wanking around with their opinions".