Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Dobbins, Roland" <rdobbins@arbor.net> Mon, 17 July 2017 12:57 UTC

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Tom Ritter <tom@ritter.vg>
CC: Matthew Green <matthewdgreen@gmail.com>, dkg <dkg@fifthhorseman.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] draft-green-tls-static-dh-in-tls13-01
Date: Mon, 17 Jul 2017 12:57:01 +0000
Message-ID: <3A53E183-BD69-4A31-A2DB-ABA7838082B5@arbor.net>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAOjisRxxN9QjCqmDpkBOsEhEc7XCpM9Hk9QSSAO65XDPNegy0w@mail.gmail.com> <CABtrr-XbJMYQ+FTQQiSw2gmDVjnpuhgJb3GTWXvLkNewwuJmUg@mail.gmail.com> <8b502340b84f48e99814ae0f16b6b3ef@usma1ex-dag1mb1.msg.corp.akamai.com> <87o9smrzxh.fsf@fifthhorseman.net> <FD5D1E4D-23CE-4483-B717-ECD249AC76FA@arbor.net> <87pod1qqh5.fsf@fifthhorseman.net> <BF5045B6-D282-41D6-A979-DB9A2B51679A@arbor.net>, <CA+cU71k6bucRAQtQg_tZP0D4AHnRLVikSydb+6n1mF3LGyBuWg@mail.gmail.com>
In-Reply-To: <CA+cU71k6bucRAQtQg_tZP0D4AHnRLVikSydb+6n1mF3LGyBuWg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IRLRxnOHe5L7bI6RNK8bw1m8DPA>

On Jul 17, 2017, at 14:21, Tom Ritter <tom@ritter.vg> wrote:

It should be visible on the outside of the connection, so middle boxes that don't break TLS can see that TLS is being broken.

With the caveat that the details of how it's actually implemented are key (pardon the pun), I think the feasibility of something along these lines should be considered.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>