Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Roland Dobbins" <rdobbins@arbor.net> Mon, 17 July 2017 16:45 UTC

Return-Path: <rdobbins@arbor.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21A1D131B4E for <tls@ietfa.amsl.com>; Mon, 17 Jul 2017 09:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level:
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thescout.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TsWqZNtLq5JW for <tls@ietfa.amsl.com>; Mon, 17 Jul 2017 09:45:25 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0127.outbound.protection.outlook.com [104.47.32.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6829B131B33 for <tls@ietf.org>; Mon, 17 Jul 2017 09:45:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thescout.onmicrosoft.com; s=selector1-arbor-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0QTvgAcprkmixI/sQiXQEqkfoh7Dp0aOSufQKIGmabc=; b=g0Gr/MIDbBMJVL99Kx9FH8C+q5wXxC9lDZqNA/vVfjomMh5DCD8npbnqtqVhcYynVuZZN4NznlqZwB4jQT0jjOYkBFnl9jTkUsBfFGfR2de4MLIi3Bks3mDRyjjUjcRzAxsE6op9YMSHk72ZSLsbFJ7ue2A4s2UJnReJeUIC88Q=
Authentication-Results: akamai.com; dkim=none (message not signed) header.d=none;akamai.com; dmarc=none action=none header.from=arbor.net;
Received: from [172.16.1.3] (88.208.89.131) by DM2PR0101MB1038.prod.exchangelabs.com (2a01:111:e400:3c19::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1261.13; Mon, 17 Jul 2017 16:45:23 +0000
From: "Roland Dobbins" <rdobbins@arbor.net>
To: "Benjamin Kaduk" <bkaduk@akamai.com>
Cc: "Yoav Nir" <ynir.ietf@gmail.com>, "tls@ietf.org" <tls@ietf.org>, "Matthew Green" <matthewdgreen@gmail.com>
Date: Mon, 17 Jul 2017 18:45:11 +0200
Message-ID: <92CF1858-7589-457B-BD1A-C9F22B7FDB0A@arbor.net>
In-Reply-To: <8013b86e-fbaf-cbd2-8680-fae37b71ec39@akamai.com>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <87o9smrzxh.fsf@fifthhorseman.net> <CAAF6GDc7e4k5ze3JpS3oOWeixDnyg8CK30iBCEZj-GWzZFv_zg@mail.gmail.com> <54cdd1077ba3414bbacd6dc1fcad4327@usma1ex-dag1mb1.msg.corp.akamai.com> <CAAF6GDeSv+T1ww5_nr6NPgg9k44j7y04tJWC=KeaJF7Gtt+TVQ@mail.gmail.com> <9bd78bb6-1640-68f6-e501-7377dd92172f@cs.tcd.ie> <CAAF6GDeGKEBnUZZFXX0y0a2J2+sVg8VaHh-4H9bhN0Zzk-x9uA@mail.gmail.com> <6707e55d-63d3-01e2-4e98-5cc0644e29e0@cs.tcd.ie> <35f4c84c6505493d8035c0eaf8bf6047@usma1ex-dag1mb1.msg.corp.akamai.com> <CAAF6GDcq6_ML3yHSQTy-t5irYLS10VVzk_R+7nAUKqQpgcCkrQ@mail.gmail.com> <CAPt1N1m_Zi_2faa8KHcXnic4QjXCEDkwnf=RTbo-Crvh6nMC+g@mail.gmail.com> <CAAF6GDfmoFwQSHEF79AmSDBE6W6FwCu2=n-SU7sHipfsfVTeUg@mail.gmail.com> <a5ba6836cab6417c949d536f2a2542bb@usma1ex-dag1mb1.msg.corp.akamai.com> <52C47C57-DFCB-4378-8C7C-6D8A5AFF3075@arbor.net> <09C9DBF3-75F3-4B59-8522-7ED0D0BA3AD5@gmail.com> <8013b86e-fbaf-cbd2-8680-fae37b71ec39@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.6r5347)
X-Originating-IP: [88.208.89.131]
X-ClientProxiedBy: VI1PR0802CA0028.eurprd08.prod.outlook.com (2603:10a6:800:a9::14) To DM2PR0101MB1038.prod.exchangelabs.com (2a01:111:e400:3c19::27)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 83a52ae2-bc11-4a10-d4e4-08d4cd33387d
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM2PR0101MB1038;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 3:zEeE/TDZCX/EXgE6P62STjsGXWNr+OVPTecAH0iTmunJfFZMmf1q59Bs0o3Qb0WlEMvdvWFAyvaqp+cgeBhDj7BKKdK/+W6elUXzU/IWPwAyNbTmekYCsRbRjOvIFRBO90E91QnvHageGN40MWwsbXAVKF18Uk1KZ1q+O6DVcw30yv7dVTW7Fp3gdTUWQdDy1gxq1JsATNw7e7Q0OZHi7Lp85cfW4165uMabqjYal7pr5iACy6CE08PnWOOfZY64sKWTgXEFGodxiqsDgKC16Pfv5YVFxdEFsjm6GcxPBfQzk73hWbblEmDiZM+7dn1xcO5BAKkZcjLjYpBQ4Sjm7V5lT0CpNEPac1vTelsYbrv+SRi/jWqNtYmMB/y1fhLwX0pEKpr0VWYioPbYByJI7E4otz/x28ngKf0XDEHq2/TdyCQp1/9ZhCOx6fWVECjCJsvoqbx/CLTUIGLWzyz8Xc6QLA15Mqi9Ne9At/eAgjXHROcUjci3w2/h3cox6FY4gNcLXLTZ734ZpLROG7WwMZ2b6IFZyJiKg0oDYlSR4vHhoB1yXGlWVXEBsjQhy35KzNp69ckY2ebgmaLAAhgg57g9is2iKfbW1RzElu1vQEeQteaChzjJc52esSPmtJa6Znu2Nxe8LFx8czFRwywHfJfq41/yFh3DJic0xao6y4vZ6jPZlF1gunspdrbs2WXsCy0zEqZmDvonsqElSbwkL4OErLN7JIEPEmO6DzyyeNg=
X-MS-TrafficTypeDiagnostic: DM2PR0101MB1038:
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 25:/ZEV+wBsNV1hEotdB65IGcQT3HZCXgL9palSOL2IQMe6fgerI3bwlPShVxTeOHVm/hZmPqtaoSxPn5Hq/A59Q5af2pUkG/RX+7T/FT3f5qycrQHszl5DP2+DVsZAxb0pN7ov0BvpPYTSsXSM6/CioFt5wdEvK3sGhMe5wcekHXQr/6hShyy+if/ErRGV6sDkrSRs2d8rFxumzdW5/m8VIWVM+Em1DCOIYt2HOXXQJJELaRmEw67HBwWT9F6/SVwL586U5GtnvorHZGjFVFcGuw7rMkx8VcDQQo85ZUbwiBiLe8zSWb71RxDGGi4EJU80p7j4YkrsYIKVw5jfHfXxsIgb9qUymE0kt5nPEHoP68xLrCGZYnoK5igGCgSP9uy6usZZLy4vOa2y81jSmtqwSN8prFzzji7ii6hD4Ka+eQyiFO+FxojMeEkX1jH6yFN1PB1hONnlkTu3GQ/hweIiYyVGVmx67de6vqByG7EdC9ZM60lFvVXdB6dNs3WX4MgAeyRTw6otaWk8cDx445Yy7ra26m1MuEBpTg0bp39d6Sa6LcIy7yhZUcQ54DN82frwqouymrkGrQXVl41XgNV5ngT5IvvT8NzZczKFxalfqEAp+iXWheoQhAvP9U051gr9Na5FqpC8tBi0spLMysWDQ2cluz9hDKaTI9WFGJGUSgSLB94StX7c2+ZqDoDxGAU3fJ/nQhAwW6UUYTry2u1tozP/UzpTEjopY357zd64ZjrQG8EnFEfPZJg/7rSwUzsjtnhzeB1ZWe0ZlF9fvXjA4ru1qs80nTEc3k1O3PAuV8eANQuLCsXOFb8x92hLA2T2QTad2/q570rmFcqakOdbH6FkXWQ+rmZ1hBR8a5DH9FDUPMn+6FTUwAAkcGhzMBaEfFOmwnN34znr8TyQffM5KOfykRgIXvWnvQtVX2Lof+I=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 31:akpNGdmEiKzcSFk58PGsKozRdk3aYFQthvp1CmN42HYfLAA9jLpTGS3+qYX0iMyb/aeeRos3OSyr5vHm6wj7+vH8xcTF2ePfhmBHJFMkBrNeanILSkS4T5+KlE2lwk3td8IiW2khtsiid2oFBJ8fVhH84jCkqxW5fnAEO/Oo4P2RXHvCrqKzj7h4ayhxkUiSiLNK1dSHqibpQdZ1mRMiRm2Awdzgxfwe9j1/gL98opKlnp/GEHbZZDCZajeCWRcKY/WV8j0iLZlyDTVMQ7whdiIufo4XsVJSocEcwlkREbFf2k1hg+wloVrf0zsYDmmHVJhGLKvwJo5n+0+uX1DlydfZiE9Eknpck19vXCBBnB/nR6/7buwYC1/Zwx3R4tk1qOdMQNqvXIzBH7p6LAY/Wc0G2E8kK+0CN1TATzh83GP+4OfRgR+2LznwjIEnRojzo8hH+Noip/kMAaG+udYVBA0cuSk51xpy4/x7RAESxQnNyb0AvkxksOgrGAwxWsQ1GyNlGl41AXI7YT57H1t8+cKwnC6rRaPloG55CFwaijJhz6D/SIt9v2DNSbiuD/L1UwAiGkD8aV2Kb96K3CcdA5W/CaA+MBUVKnYIwp+98TXIgfHZaSvTlutU4zgeqd7mpho4w2ZsulzqG38FP2Vti3OtXM3uLuFYVw8j8NqapJFCDEJ/BDP0xCEfBortwgmPqhykPec+9S5P3tYpebKTbQ==
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 20:c7Q1qMtWYgdUaFKEH46ubZbjL4pE5Mte0Aigc1PAMCYLN/BquxTCSVyEN7as1d6u1Dl+dKJmo0/6x4amt1VmMWDeEIVQrIhmhnjEQ6cwQezmVImBmXTVpWqO7NPbR3AaweVYxlcCAxXP8izbWoKzFt9hNd7xcEs7kEi3jwQht4TAYNEeBkGwvEv9XaP8nlLpTNPtjx4Bchs0Uer4nDL+XWos93f24xGf5t8yMePn1rMmEfyVDXf7drNXPACseCvuIoGIbLE8DO5LFznPp1HCOakG9MUbP6NIbDbX+WwgdGLcydpzqkJCOoe0xUrvjnqPA9P0zWpK8V/CpZa7SkuzEwK3FRaHtZQEAKWwNcIs4jpdJ/24AoqvKrbBY0uF2n0AAjZ1Ty8svtQP26xjL+I3iYVZzu2WEfDm429yQxkvsLQCV2PNSzzScdgUODhPOCf21GPysnoQthlQjDGKnEC3n6iNafz9vYlF1jdvK0SXZ+KqUj6F7e9QSu75vE3zEvtr
X-Exchange-Antispam-Report-Test: UriScan:(236129657087228)(192374486261705);
X-Microsoft-Antispam-PRVS: <DM2PR0101MB1038F5120E09A1FF23FC7F99CAA00@DM2PR0101MB1038.prod.exchangelabs.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(2017060910075)(5005006)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR0101MB1038; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR0101MB1038;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0101MB1038; 4:DV30OZhqQIg0weVyShvkZJNT7E3DTifOQylRcveb?= =?us-ascii?Q?mwrKZVoYKIz3JqEo33vEifxXfsax8EeYcMrEc64TF2HT5znlrbIAwlHk52a+?= =?us-ascii?Q?QN+TBNpon/O+SnIL1BnlpE37M0vGwtf6WryBazkxdodQRG6G0AlsXN7ozlRA?= =?us-ascii?Q?Zm/MYZaiiIW7oDJiWRt5LwvzPo9MVb6MasQy4UVbC8RODhZASnZrUx4C3oqK?= =?us-ascii?Q?9ZzYvf3uLhxGhlAVot8Wvt6HSWXvAJ6I62NzSi638KvTM4KUowV6uYrmgnTs?= =?us-ascii?Q?eO2bs+ECQTXLqpo/H6TVIky1zr9zCv9J8KjSxW+GPEevX6rcrVlahUkmAlMG?= =?us-ascii?Q?9LcOQLy7TX3amCQ3xOUFB2Ev0X+7BQQiUy7o4fnkgI9Otsifdbe5iQEfexZd?= =?us-ascii?Q?NTlqS+f7cZCQ4C0tVzkHLdKeUEncpkKvOrbOfdwq2D4DCCo2xXU9LcKk35MS?= =?us-ascii?Q?9sriyHLNDXmUkHihG3glCm2eWMNVxnTtH5Lw+EdB8cEPW8Zd9KraVtglqhSm?= =?us-ascii?Q?8DZoVUklkXIiEFClDEzaY8R8jgkj48xQVcstUR/io/jV3PkT8wRSHCcIvWFn?= =?us-ascii?Q?Dj5zcSKw52oQx0mBwLWH8fcn8n9VF7YSlUt8ZP5/PfTELvUl2f8wmOLoOtaX?= =?us-ascii?Q?xEy1O17PTIaD84EH2ZXYbSb8CS6NuOou3I2BPspDQCm9vOZ52bciZyrN8Omt?= =?us-ascii?Q?KqPjd5gO/O8zdy6DpjtCQstKI8Ol0zL/RIQVKwDki5Jh2iMjLn7YU/z9zJjg?= =?us-ascii?Q?U+LSY/66fMHOSMYo5WynfmlUrYRxTFSzZHJqKInZahCuK+2Yj3ULvg/GLabE?= =?us-ascii?Q?xrqfQD3z0cil8fzZpYNKEWrxkRsgDYfhZOUanxQArjFVyx2k0kL/Cb1DxKun?= =?us-ascii?Q?nhLOpdt3JKMfiqv37Dpb/Jtt1WdhSAOmh/+RGWr+Ca+MQA9PCatUOyUxCfNV?= =?us-ascii?Q?N0aNsEGGScaUH2rrxBWrDK+KRFB7OXHJR5rCMome6jgoazq/G+5MZw8t6jFp?= =?us-ascii?Q?sGN6PZpJdc4ZjiPDYkAey2CBwKNseWyGCZir6e/nH8J04kKOIed0/zyHp2UU?= =?us-ascii?Q?MTFfWW3oZuePxavWuN1xxAb6cQ+7yA6TX0QEcTBy8JYjuPCmoLcUZsH8oo8O?= =?us-ascii?Q?z9lSaMrCgyQqOMXldnhx37leKQs3m/9ZGsyUuld0mE9U+wB6icbDaK4cOlgd?= =?us-ascii?Q?ybAUl5glGZ7KPyscJ1qeNsUblRAd1eXm8ymga1rJzfrMlP4WHRTMFOM0PNxJ?= =?us-ascii?Q?PKFR/WdpolnfgVEx2N8=3D?=
X-Forefront-PRVS: 0371762FE7
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(4630300001)(7370300001)(6049001)(6009001)(39450400003)(39840400002)(39850400002)(39400400002)(39410400002)(24454002)(77096006)(6486002)(54906002)(8676002)(229853002)(478600001)(6116002)(50986999)(53546010)(76176999)(3846002)(81166006)(38730400002)(110136004)(6246003)(42186005)(36756003)(6916009)(2950100002)(6666003)(33656002)(5003940100001)(93886004)(50226002)(53936002)(5660300001)(66066001)(2906002)(83716003)(189998001)(4326008)(7350300001)(47776003)(230783001)(50466002)(82746002)(86362001)(7736002)(25786009)(305945005); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0101MB1038; H:[172.16.1.3]; FPR:; SPF:None; MLV:sfv; LANG:en;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0101MB1038; 23:J6jK6GPdYdNlpMSS46WIaSm+knjfl/7TGK/OhVe?= =?us-ascii?Q?f5wreaJhP+7nomshJbediRdBUyF5Zr+CkOVvaUbJXtg9/zJXjK/JHohtRA0D?= =?us-ascii?Q?kVvACEn6ugr8NWIFeOX61t9JemPJLlwn7Orlb9oRLheoMxK4YY+UTSWhVJFw?= =?us-ascii?Q?ZLxCGLQRUrhzhvCvX/2z8f998Ldlqe6Bj06q71TM8URc/mp7Kiz23+DzxhtA?= =?us-ascii?Q?vKRaq9JMcgoYMizRH46QW/DH5wlfHFj/gVYGCNvQ2qbEeL+dneGY8RTiJR9u?= =?us-ascii?Q?y1rIoUU+x4hOSYbJR+P8b8vSlFKU2BafnxJgfoTV75MRf1VklxQGcVhxhMpU?= =?us-ascii?Q?rpdfMBqimvfQY7aQKm5qjRpsk27iGq7pkHO6QexzF26W2lbq2vL37Qyq6IYq?= =?us-ascii?Q?U9pNDZE2V5vcrUbNLLnGjuHurh/8oToyXSiQO5x0jarnMzGbboM8YW+6vytq?= =?us-ascii?Q?aw4tCleOpj7ElS9TnOcQFn2qzhFYYFzPwnjUMkw3U/0fIxfr7YP3ypLs+FjX?= =?us-ascii?Q?hMuFRhdESL2C6tHmy+2vTUXtKkfdzef0eTllJc7gwV99CkqIrPIr/9WhX1Yw?= =?us-ascii?Q?Mp0b+FPGWMYdFyLhKZkF53HZtD+E3uoj7BKwFCjduOnr8Ptx+9SpQkq2NapH?= =?us-ascii?Q?YymzM8T9p/fAUDzLn1uNM7k/BN+8ptWL1Dsz6VH00kmfnKj262AXNU/DuHkG?= =?us-ascii?Q?lvl2M97szCGPPEnpjOWiij8gzK0oB/Y564WDxsTFU71f/tB2JWklupBVwbd2?= =?us-ascii?Q?5dZB/W1rOKelFltB/e2pQvcs0y4Y7vfhFQERo/ypAR1k69PfWHgVBKsZL1v/?= =?us-ascii?Q?4PQHpm6pB00orj/V6PcDdtV2iQT+8yjhkYOuT+rvoAaDT5XrBpulkmj3Cfv6?= =?us-ascii?Q?ZsEEvwWRpPpOniVfI15z7yy1W9lV8Q/QC4Vwrd2sG4KJJ1HMwJ631fXWeVi2?= =?us-ascii?Q?gLg5NcpNL8Y/Bq2v9o20t1jA3HPVnxuLrrUsFXrVyiLdPZ2Uh5rE8U4+4DaI?= =?us-ascii?Q?cTxlzbrUrVHw8Jyn33gZNMWNNga+5M2ztBpIAbalCpKlw/0TqOkRy1KV5/En?= =?us-ascii?Q?iRQKz4gOOCFAV9wDDm0Z4+WcydJIE3tZks6ThQZXAljoJG9eqVhXy7VnATmH?= =?us-ascii?Q?W3xAM0V6pfwYYlIJPBGh/9Pb4IELq9AOrAgjBTkrZBwauN6gnCu82vbOh/5c?= =?us-ascii?Q?IhC2eoddcm/bO+YDuOj6pHJHVAYIy/qqvJxLF0mPJ27EfnDRYTTesOkFLwWY?= =?us-ascii?Q?VLTuZ0WzAMvH58RzkfA4=3D?=
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0101MB1038; 6:NHwUXLAjdIxZIAoAN3C3pzotyHWiDUqHfbDTvtGu?= =?us-ascii?Q?SMGvKhFfqfE4f0wvDXiD2QhSYPHjPvESzI6RyzOinyPoDalbKEoG8hj+eg6f?= =?us-ascii?Q?A+nwPauXyJJprr2RpMld86Gon+jZFD2f1HHB8U8dHIVBIoYDHMAHwaYWo2kY?= =?us-ascii?Q?n/xZUeISpA8RivowYQ3NP9p2gfSOHfBMjLD0u/LZtWkP1xdWK11NsTMYomfz?= =?us-ascii?Q?8F/7aYgX2wMb+eRVLS0HuxT9YBAFBBOjYjDOX7XjWYH8qoiCr+xhdWgNxAE1?= =?us-ascii?Q?Y9BYQWabBvdVsCQ1XiXFlLnVarY4UcIN6nD3giJfsqrizwN+2r3YTYC/fpVj?= =?us-ascii?Q?HXMX0cIE4nM5g7rujVMFQt5XEdU4HVLjC631TPPaDVt6yYJqtPpPN9cTbLlh?= =?us-ascii?Q?rsxuz2X8CQnie9eHGdoreSjWNKjR0VP9+H/Vp938Zc5QsevtB2fAUJ+L1RCs?= =?us-ascii?Q?cD1+L9c9dF9lIQmtpSBmMu7gf/c/RLdaE8D83aFHlJKCNm+WUQ2gUJSjPtjq?= =?us-ascii?Q?97pMjXq/xmGw1fQhufVyU+vimA1yCMc2CbyG7/XX/DuLhbtaVLoxcNfNohvy?= =?us-ascii?Q?uvqIg6el9RRHNJfH0bwafYBAdRsgsvnkXrcWLyKmWqtVucULgtG90GcNdmr9?= =?us-ascii?Q?n5RlTPJohNrIAYM/Jf/9EixUpc9aDJJbxh/FjBxy0GRRC6pwPEEh491n4yQQ?= =?us-ascii?Q?aPICzdKn3aIoYnlG8DoVt+/vaq7O9e2MR6sKNvVvmrIYUK47HLmIC0wclANY?= =?us-ascii?Q?4ZNPCgozbTMLnS8ZZ+KkxIJ+y9J4bi/Y+GtL0HnvqqE0UOISWJV6aF7L2OYg?= =?us-ascii?Q?sMVlBIP0DhliZxB2B66dXdFpKelCx2b/NH6ANOL0YBYB54w0o/CUDqCCrd9l?= =?us-ascii?Q?qqR3EQsmQHzmfsvKaJzVBggo26d41xL3s4zUJDWCewN0uZfX6mPMrZt5K70c?= =?us-ascii?Q?CMt333IVsUlKwra8Cs08+9vfe6OQfzO355WzRfaB5IW/GiZPGwmlTNCfdYxp?= =?us-ascii?Q?jM4=3D?=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 5:LKFdLMAUcG3m/ygkyXgCeBOsaxVs/P2C4QI9T8aYIIV6rILugtMgnYati+esraB84jVgqqG0vws+r6/WAJltFgSGp/3xPuJcTmWJDVHzdITBXYNSa3dRDU4QhA3UmIXuzHntCTz5StmuV9xjgcEyTDT/CskVOj5j4VGYkbFJDfoM7mrxkIO8+yz0UgHBwpAX+9nTvJnRjHnCdxzZTyDzGs2cUEQLFQTeUdLRly9O/1lSRswC4G7E38WgLUQdoWf20X6lYbDtIPJun56cVuA9358XprIYhl1ZAK/woOesncqD/EHIHJqyZSfvMkwfXAHGNFExAkEO7J2g0CqPrpq3aku1use/Vt9RGnlUrYWmvYtRydjpRGXr5ElaFZKtC+8Q9Zfi1lymonhnTfIHXI5mZzxikVDC/DIgcI3nHMm4qQ75QMS4IEXopSZz6c4Y3M9FU4zwaOy6nAJ4wfFBipOKWQNwpW+EuDPXCHQ/zB1FhW2dgpuoMo9A7mphXKCMNaJ5; 24:j/VEKXgjjN4HlDfMl+66Mf/+wkYfLrHduNPlRd5Q0UUkO/wu6W8WuD4fbc/FTXZJ0xMrCxZ2orZChdDA4oezwyhijBFbA0r9QF19RpdAZtk=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1038; 7:YD5bufZwAUCwYOEheDJIPIUnMPN7J6/PfhnvaUsB1jyM9ctRvg3ubzh6M2F56qrrra4vpq2bwphKQJ4t+/9MOk/AAreP4UU3oYyZI06FXJZIK8D71Iz35tvjW8LAsO9qqFzNsCZ3qrEgZXpnQAVBO7v4lWJknb++PyFCKGdvZLDSh0FIhif2F6d4DbstfPXYg9OSYYBlnZ5ddIuwTH7Wo93CeMMAnV5F/kfT0OCqhm6JxU7MQ9r+GqW2rStn++JhxnRUFKfnBBaWliZ7ftDbH8Ch2RQqfbZepm3O86dWrlIAGAoAd8h8wLF94xVDeUiuyPINugvy39HV+hoXja+OhsmfryB9JUlRES+YIFGG8zNkjCtSYvAzHTakDNCngHzx0dm5+PA1pR2Iuj28gPiGTIUCacp4gzBACQVFw3JQV/7LMooRxZsVX0YSjxV2mLQ1c+z+ottc0Yzs7b5IeCiq1PfXCCHSIvJIadkPhzmFG+2d3zx7Iz/SJd2ZDdo4FkxMktwQfvmP6jq+Ofz8Ielm72wJQOtFcHq3O0EUvitTvt/O/ur9/Ts66j6tkZtbtcfdYkgVrJofXM2j0HeHCB4UO4wKyecrZ5tlPfb8j2pklNvRmPAqKh8X8oDsx+fGhSZf6BdfOKWfKSClyzdkrLgzSr5e7qzlsu5/+rI9jutzS33YUAwf8QZVguhqLg3FXMTkPmR1TR0suqWYHnCQNw1X1ylZsf6bh4HOGBssp+L1D/m9zJ/0VouglbamTaNKdEdTzvb8lAVI7ViJ8mrdmGhJQuUIRNFUrQ3ia5nlkeas624=
X-OriginatorOrg: arbor.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2017 16:45:23.1491 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0101MB1038
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IEYWz7w5xDFaDYwKFZwTV8LvmEQ>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 16:45:27 -0000

On 17 Jul 2017, at 18:35, Benjamin Kaduk wrote:


> it could easily be enabled accidentally on the Internet, or coercively 
> required
> of certain entities, e.g., by national security letter, once 
> enablement
> is just a configuration setting (as opposed to writing code)

Yes, concur.

> So, in order to have something that is verifiably opt-in by both
> parties, it seems like it would have to be a ClientHello/ServerHello
> extension (included in the transcript for the generated traffic keys)
> where both sides commit that they are willing to exfiltrate keys to a
> given named entity(ies) (whether that's by raw public key, certificate
> name, etc., is quite flexible).

I agree that the extension approach is something which is worthy of 
exploration.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>;