Re: [TLS] chairs - please shutdown wiretapping discussion...

Stephen Farrell <> Wed, 12 July 2017 20:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1B8911316A5 for <>; Wed, 12 Jul 2017 13:16:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TVvxsZOSZG-g for <>; Wed, 12 Jul 2017 13:16:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D00E012EC3A for <>; Wed, 12 Jul 2017 13:16:11 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 08D35BE5F; Wed, 12 Jul 2017 21:16:10 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6IvBb-J7nzHL; Wed, 12 Jul 2017 21:16:08 +0100 (IST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 40425BE58; Wed, 12 Jul 2017 21:16:08 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1499890568; bh=nAvwvuwnE7fYR0Ye/fqXN7lTgfuElN4O8030QSe0VrE=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=EJQloBBioYr2yOmSc3N+cHVpAiZQ6RhmrizbX0YnIVM6n5BQ+t9FtIpBDOt6VP88P hJmoAcs1jc0rVfka78nccBTFXymofo6bamMv2572FMyBQHeQEHbvJsT9zeHmoombbq jGNhYfEXspJwuxvUOWsu2YsRqBri9usHSfR1SwjM=
To: Kathleen Moriarty <>
Cc: Kyle Rose <>, "Polk, Tim (Fed)" <>, IETF TLS <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Wed, 12 Jul 2017 21:16:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XIG1A16IvHqLRfNNpt97hjC8qqhIciENW"
Archived-At: <>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 12 Jul 2017 20:16:14 -0000

On 12/07/17 21:01, Kathleen Moriarty wrote:
> With no hat on...
> The difference with the WordPress & SMTP examples is that you know
> content will sit in plaintext on the servers, whereas with POTS, you
> need to wiretap to get the voice content. You only expect the log
> that the call transpired to exist with the service provider.

Sure POTS != the web or smtp, though 2804 specifically calls
out pen-traces as being covered, so we're not only dealing with
bulk call content.

But in any case the precise mechanisms used to get the pen-trace
equivalent or the bulk content to the wiretapper as cleartext isn't
really significant  - whether that be via a carload of tapes, a fat
pipe from the MTA or site to the wiretapper, or
via a few KB-per-DH-private if the wiretapper already has the bulk
ciphertext in hand. The crucial thing here is that the leak of the
DH private values is needed to enable that ciphertext to be rendered
as plain, and this proposed mechanism is how that part of the wiretap
service would be enabled, and that's why these examples fit the
2804 definition.

Put another way - it doesn't matter if a traditional POTs wiretap
is done via a conference call setup (frequently done) or by actually
recording to a tape device as was done in the past. And just the
same, it doesn't matter that the mail or web content is also
available as plaintext to the leaker of the DH private value. All
of those can be used to provide a wiretap service as per the 2804
definitions. (In fact a wiretap based on leaking DH private values
would be much more efficient for an entity that already has the
capability to capture packets are lots of places on the Internet,
but that's not that important in terms of whether the 2804 term
is right or not.)

Does that help?


> I'm still in a mode of listening to arguments,  but wanted to point
> this out in case better examples emerged.
> Thanks, Kathleen
>> What is also true is that the draft being discussed is entirely
>> clearly usable for wiretapping in some applications that use TLS
>> according to the definition in 2804.
>> S.
>>> Kyle
>> _______________________________________________ TLS mailing list