Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Florian Weimer <> Tue, 17 October 2017 12:53 UTC

To: Stephen Farrell <>, Hubert Kario <>
From: Florian Weimer <>
Date: Tue, 17 Oct 2017 14:53:14 +0200

On 10/13/2017 02:45 PM, Stephen Farrell wrote:
> So the problems with that are numerous but include:
> - there can be >1 carol, (and maybe all the carols also need to
>    "approve" of one another), if we were crazy enough to try to do
>    this we'd have at least:
>        - corporate outbound snooper
>        - data-centre snooper (if you buy those supposed use-cases)
>        - government snooper(s) in places where they don't care about
>          doing that openly
>    ...port 80 would suddenly be quicker than 443 again;-(

And any authorized eavesdropper is not allowed to be able to infer if 
they are the only ones listening in.

I don't understand why this complicated approach is needed.  Why can't 
the server provide an OOB interface to look up session keys, or maybe 
export them proactively?  The proposed draft needs a protocol like this 
anyway because SSWrapDH1 keys need to be distributed, and periodic key 
regeneration is needed because it is the only way to implement 
revocation of access privileges without revealing the existence of other 
authorized parties.

I don't buy the argument that there are too many session keys for 
proactive export.  Obviously, you already have sufficient capacity to 
send these keys (or an equivalent) over the wire once, so sending 
another copy or two shouldn't be a problem.