Re: [TLS] Industry Concerns about TLS 1.3

Adam Caudill, Fri, 23 September 2016 22:19 UTC


You are requesting a major design change at the last minute, to restore a problematic feature that was removed due to its negative security impact. You should understand from the beginning that this is an extreme request. More so, you should understand that others in your industry have no problem complying with US and international regulations, while using PFS cipher suites.

I am personally aware of two of the largest financial organizations in the US that actually require PFS suites for all internal and external applications, and use endpoint security applications to handle this issue. It may not be as convenient as what you are doing now, but it is a problem that has already been solved, and solved effectively.

Before claiming that the IETF is eliminating your choice, you may want to take a closer look at how those in your industry have already dealt with this. There are effective solutions that have already been mentioned, that don’t involve reducing the security of every TLS user around the globe.

Personally, I agree completely with Kenny’s response - the answer is simply no. It’s too large of a change, it has too large of a security impact, and there are established solutions to address your issues.

Adam Caudill

> On Sep 23, 2016, at 5:34 PM, BITS Security wrote:
>> you can keep using TLS1.2 in your internal network, can't you?
> There are both public and private sector regulators arcing towards being more prescriptive in this area.  It is possible, if not likely, in the not too distant future that my member companies will not have the choice to "downgrade" to "obsolete" TLS versions.
> Note: the standards track document says it "Obsoletes: RFC 5246" which is TLS 1.2.  That's a signal that may prove difficult to divert in this rapidly evolving threat and regulatory environment.
> - Andrew