Re: [TLS] Industry Concerns about TLS 1.3

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 29 September 2016 07:48 UTC

From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Ryan Carboni <ryacko@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 29 Sep 2016 09:48:16 +0200
Message-ID: <e66dba55-5983-5cff-51b6-d6ff102e0d59@gmx.net>
In-Reply-To: <CAO7N=i0zWKgT9OfFDxypN7gKpQJDF+2biWEu34fQFoyB3H9gzg@mail.gmail.com>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HfzLs8Pp7sDLBwFR1gtv8xYZagA>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hi Ryan,

people working in the security field know what features TLS provides and
those are highly valued since otherwise it wouldn't be used so widely.

I prefer to finalize the work on TLS 1.3 as planned. There are various
groups successfully working on their implementations and I am looking
forward to a well-attended Hackathon at the next IETF meeting.

Ciao
Hannes


On 09/29/2016 09:01 AM, Ryan Carboni wrote:
> I've never quite understood what TLS was supposed to be protecting
> against, and whether or not it has done so successfully, or has the
> potential to do so successfully.
> 
> Well, I don't think anyone here even knows how to protect a mailing list
> from multi-billion dollar threat actors so...???
> 
> Let me quote RFC 3526: "The strengths of the groups defined here are
> always estimates and there are as many methods to estimate them as
> there are cryptographers."
> 
> But whatever. You people aren't even willing to do what the Germans
> did... twice.
> 
> Personally I think TLS should be scrapped, replaced with a protocol
> without negotiation, replace PKI with trusted notaries
> ( https://en.wikipedia.org/wiki/Convergence_(SSL) ), etc.
> 
> But, no one has been able to program anything correctly, not even
> certificate authorities:
> 
> https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
> 
> I'm not paying you people anyway. At least the protocol is theoretically
> secure.