Re: [TLS] Industry Concerns about TLS 1.3
Xiaoyin Liu <xiaoyin.l@outlook.com> Thu, 22 September 2016 21:34 UTC
Return-Path: <xiaoyin.l@outlook.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6F2312BB5E for <tls@ietfa.amsl.com>; Thu, 22 Sep 2016 14:34:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HK_RANDOM_ENVFROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4sGhXFebRmo for <tls@ietfa.amsl.com>; Thu, 22 Sep 2016 14:34:08 -0700 (PDT)
Received: from BAY004-OMC3S22.hotmail.com (bay004-omc3s22.hotmail.com [65.54.190.160]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A1CA12B975 for <tls@ietf.org>; Thu, 22 Sep 2016 14:34:08 -0700 (PDT)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com ([65.54.190.187]) by BAY004-OMC3S22.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Thu, 22 Sep 2016 14:34:07 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6WJQjG+qKDyFkkN6bznFuoyEHZxMkqxc5Ll9JSMfQeI=; b=Jf1qajMetHaF495+01oY5St7wrPkkw3U709mTqCEvZsCymQI/Mlp5YjUO5PB4iwrtS/Ry0/GqEywE0D6kzGilmGoPLJugi+EIeq3q3z0Xfw7FhhKtVtpHCd/7PceS6p7FUp58OQNbnh6UzBIDgVI9LJn/HJutZxs/ioLNewc2UT8xyrX/dwcHJb82CDh9qUKcRlFySSj8mhcZ4hhog8/HO9FgJLJIpB/eLsQSLpxtwifjnTzRywQcc/HH1Ah5kuxEU5ceArPQen+6K5Xygljt5Xok0RVXqkHK/l9u/v1VEuzbowdyhge3iTfYeJEHj0hMOsBrrYJ9u47tGj71+2AAw==
Received: from BN3NAM04FT040.eop-NAM04.prod.protection.outlook.com (10.152.92.60) by BN3NAM04HT254.eop-NAM04.prod.protection.outlook.com (10.152.92.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.5; Thu, 22 Sep 2016 21:34:05 +0000
Received: from CY1PR15MB0778.namprd15.prod.outlook.com (10.152.92.60) by BN3NAM04FT040.mail.protection.outlook.com (10.152.93.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.5 via Frontend Transport; Thu, 22 Sep 2016 21:34:04 +0000
Received: from CY1PR15MB0778.namprd15.prod.outlook.com ([10.169.22.10]) by CY1PR15MB0778.namprd15.prod.outlook.com ([10.169.22.10]) with mapi id 15.01.0629.006; Thu, 22 Sep 2016 21:34:04 +0000
From: Xiaoyin Liu <xiaoyin.l@outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>, Yuhong Bao <YuhongBao_386@hotmail.com>, BITS Security <BITSSecurity@fsroundtable.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Industry Concerns about TLS 1.3
Thread-Index: AdIU8WqWM9WBapZoQzyfqxiOaK25fQADrwVgAANQF6AAAZ+zuwAAddLAAAC/7gE=
Date: Thu, 22 Sep 2016 21:34:04 +0000
Message-ID: <CY1PR15MB0778F36EDBBD93D58668DCC2FFC90@CY1PR15MB0778.namprd15.prod.outlook.com>
References: <DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <CO1PR07MB283F2C414B6478E993675DEC3C90@CO1PR07MB283.namprd07.prod.outlook.com>, <DM5PR11MB141945F673C6CC6B03BAF12EF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <CO1PR07MB283718031327958C2ABF036C3C90@CO1PR07MB283.namprd07.prod.outlook.com>, <CY1PR0301MB08422E368638582183159D088CC90@CY1PR0301MB0842.namprd03.prod.outlook.com>
In-Reply-To: <CY1PR0301MB08422E368638582183159D088CC90@CY1PR0301MB0842.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=softfail (sender IP is 10.152.92.60) smtp.mailfrom=outlook.com; microsoft.com; dkim=none (message not signed) header.d=none;microsoft.com; dmarc=fail action=none header.from=outlook.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning outlook.com discourages use of 10.152.92.60 as permitted sender)
x-tmn: [hBXyXTlQCIwgkr8pVAyH+WRiHhkN/ShV]
x-eopattributedmessage: 0
x-microsoft-exchange-diagnostics: 1; BN3NAM04HT254; 6:7DlEbGjcWSYdWzNtGgLNfXdS4Zgy7AIJ7I0/2HaPAkHR1JC2wenvbPrUw0slp/RM5giir7YU9mAkwzdPB/Ia9rjCS9srht+4qA1W/q9S+n2/ME9/n3OTJbMr+GR5Pap78MQ1Ynb0Ug8mv+0OCKSXeeUFBgGSt9/5/GwnF6qX2PxJd/n1U8znTOO3OziQFBt3FZUcfOVRwLzX8CcSZ77N0lUIfa9qqcGzyI7ghPtqTdPGIdqOOz03B6hBO2I7DFJspBUl38fF525icDCSMcVPV1L/5vFfSgqgKgH1dIjyBMg=; 5:8hikptB7uBDzumzxqmX+IpYKBqeYHZLd1Wz8wu7LH3ecMrhw/kbmRpwROARX6w+nczZ6k0KOyCuGSeLjoNrb3aSqstvGeHDlZ8NznvpBlJYC4s4G9CGZ10owawk3AaPSFfenl3h874ANi3KEXEJN5w==; 24:zT8krepxt7mSrepCkF+uEnNqsWq/oG8Y0uBGsvSQC0EXa5wk/z6N0yIEO5mX9Vr/SaUkKcaw3MxN8G+k7wl4k2gy63fyPeBa6FzBAiNH/Zg=; 7:m2EUo51pjYzc3nLCsN8iZy7HlQZ/Zv/v8pSo2MDJjJJVsOLG2EZ02MlVgeIK5Wi/wZyzNqOCxnvgqPwcV8aOsP1AYVTGbXTQWlVzXuIBLDwlopHtYhuTbd1p9lWpk7SDd7p21zp4k2Q19DJVxJfmV3TISK4I4iPhziQCAl+YQxcDKJLyGxbKJycJWFlK9ejr6QnwZIg3orYJfrWjvApjUEt2pjfnGmda1yQWI09XbcQKJtdK4HQZMcYj3+lOUYwplCNkpoHm8BdsyPqHHAO++1EoBEFrAVcB9Uf6Ichi5ZDUnQqN7lcX44Zp1fmzvtz/
x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(10019020)(98900003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3NAM04HT254; H:CY1PR15MB0778.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en;
x-ms-office365-filtering-correlation-id: 965e8740-6eb1-4a7f-a886-08d3e3302d60
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(1601124038)(1603103081)(1601125047); SRVR:BN3NAM04HT254;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(432015012)(82015046); SRVR:BN3NAM04HT254; BCL:0; PCL:0; RULEID:; SRVR:BN3NAM04HT254;
x-forefront-prvs: 0073BFEF03
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR15MB0778F36EDBBD93D58668DCC2FFC90CY1PR15MB0778namp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2016 21:34:04.7045 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM04HT254
X-OriginalArrivalTime: 22 Sep 2016 21:34:07.0912 (UTC) FILETIME=[0CBB1A80:01D21519]
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Mw-VPhnlYCcSe2S_8iZ0y38XnVI>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2016 21:34:11 -0000
I created a feature request on Microsoft Edge UserVoice: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/16310230-ssl-key-logging-aka-sslkeylogfile Best, Xiaoyin ________________________________ From: TLS <tls-bounces@ietf.org> on behalf of Andrei Popov <Andrei.Popov@microsoft.com> Sent: Thursday, September 22, 2016 5:22 PM To: Yuhong Bao; BITS Security; tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 Hi Andrew, > Unfortunately, Microsoft does not allow this functionality, which is a problem in a TLS 1.3 only environment. The best approach would be for Microsoft customers to make a feature request through their support channel. Cheers, Andrei From: Yuhong Bao [mailto:YuhongBao_386@hotmail.com] Sent: Thursday, September 22, 2016 1:58 PM To: BITS Security <BITSSecurity@fsroundtable.org>; tls@ietf.org; Andrei Popov <Andrei.Popov@microsoft.com> Subject: Re: Industry Concerns about TLS 1.3 Adding Andrei Popov. ________________________________ From: BITS Security <BITSSecurity@fsroundtable.org<mailto:BITSSecurity@fsroundtable.org>> Sent: Thursday, September 22, 2016 1:13:45 PM To: Yuhong Bao; tls@ietf.org<mailto:tls@ietf.org> Subject: RE: Industry Concerns about TLS 1.3 Yuhong-Thank you for the response. Our thinking here is that enterprises who use content delivery networks will have the end-user session hidden from them. The session from the end user to the edge of the content delivery network will be a different session than the one from the enterprise sees. The IP's and ports will be different, the TCP layer activity like retransmissions will be different, and because of caching the application layer will be somewhat different. There will be times when we need packet level data from the End User and TLS decryption of this packet level data for troubleshooting. With TLS 1.2 we can ask the end user to take a Wireshark trace and then decrypt it with the RSA private key. With TLS 1.3 we will have to rely on the SSLKEYLOGFILE feature in Firefox and Chrome, so we want it to be available. Unfortunately, Microsoft does not allow this functionality, which is a problem in a TLS 1.3 only environment. -Andrew From: Yuhong Bao [mailto:YuhongBao_386@hotmail.com] Sent: Thursday, September 22, 2016 2:36 PM To: BITS Security <BITSSecurity@fsroundtable.org<mailto:BITSSecurity@fsroundtable.org>>; tls@ietf.org<mailto:tls@ietf.org> Subject: Re: Industry Concerns about TLS 1.3 This also reminds me of https://bugzilla.mozilla.org/show_bug.cgi?id=1188657 ________________________________________ From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> on behalf of BITS Security <BITSSecurity@fsroundtable.org<mailto:BITSSecurity@fsroundtable.org>> Sent: Thursday, September 22, 2016 10:19:48 AM To: tls@ietf.org<mailto:tls@ietf.org> Subject: [TLS] Industry Concerns about TLS 1.3 To: IETF TLS 1.3 Working Group Members My name is Andrew Kennedy and I work at BITS, the technology policy division of the Financial Services Roundtable (http://www.fsroundtable.org/bits) My organization represents approximately 100 of the top 150 US-based financial services companies including banks, insurance, consumer finance, and asset management firms. I manage the Technology Cybersecurity Program, a CISO-driven forum to investigate emerging technologies; integrate capabilities into member operations; and advocate member, sector, cross-sector, and private-public collaboration. While I am aware and on the whole supportive of the significant contributions to internet security this important working group has made in the last few years I recently learned of a proposed change that would affect many of my organization's member institutions: the deprecation of RSA key exchange. Deprecation of the RSA key exchange in TLS 1.3 will cause significant problems for financial institutions, almost all of whom are running TLS internally and have significant, security-critical investments in out-of-band TLS decryption. Like many enterprises, financial institutions depend upon the ability to decrypt TLS traffic to implement data loss protection, intrusion detection and prevention, malware detection, packet capture and analysis, and DDoS mitigation. Unlike some other businesses, financial institutions also rely upon TLS traffic decryption to implement fraud monitoring and surveillance of supervised employees. The products which support these capabilities will need to be replaced or substantially redesigned at significant cost and loss of scalability to continue to support the functionality financial institutions and their regulators require. The impact on supervision will be particularly severe. Financial institutions are required by law to store communications of certain employees (including broker/dealers) in a form that ensures that they can be retrieved and read in case an investigation into improper behavior is initiated. The regulations which require retention of supervised employee communications initially focused on physical and electronic mail, but now extend to many other forms of communication including instant message, social media, and collaboration applications. All of these communications channels are protected using TLS. The impact on network diagnostics and troubleshooting will also be serious. TLS decryption of network packet traces is required when troubleshooting difficult problems in order to follow a transaction through multiple layers of infrastructure and isolate the fault domain. The pervasive visibility offered by out-of-band TLS decryption can't be replaced by MITM infrastructure or by endpoint diagnostics. The result of losing this TLS visibility will be unacceptable outage times as support groups resort to guesswork on difficult problems. Although TLS 1.3 has been designed to meet the evolving security needs of the Internet, it is vital to recognize that TLS is also being run extensively inside the firewall by private enterprises, particularly those that are heavily regulated. Furthermore, as more applications move off of the desktop and into web browsers and mobile applications, dependence on TLS is increasing. Eventually, either security vulnerabilities in TLS 1.2, deprecation of TLS 1.2 by major browser vendors, or changes to regulatory standards will force these enterprises - including financial institutions - to upgrade to TLS 1.3. It is vital to financial institutions and to their customers and regulators that these institutions be able to maintain both security and regulatory compliance during and after the transition from TLS 1.2 to TLS 1.3. At the current time viable TLS 1.3-compliant solutions to problems like DLP, NIDS/NIPS, PCAP, DDoS mitigation, malware detection, and monitoring of regulated employee communications appear to be immature or nonexistent. There are serious cost, scalability, and security concerns with all of the currently proposed alternatives to the existing out-of-band TLS decryption architecture: - End point monitoring: This technique does not replace the pervasive network visibility that private enterprises will lose without the RSA key exchange. Ensuring that every endpoint has a monitoring agent installed and functioning at all times is vastly more complex than ensuring that a network traffic inspection appliance is present and functioning. In the case of monitoring of supervised employee communications, moving the monitoring function to the endpoint raises new security concerns focusing on deliberate circumvention - because in the supervision use case the threat vector is the possessor of the endpoint. - Exporting of ephemeral keys: This solution has scalability and security problems on large, busy servers where it is not possible to know ahead of time which session is going to be the important one. - Man-in-the-middle: This solution adds significant latency, key management complexity, and production risk at each of the needed monitoring layers. Until the critical concerns surrounding enterprise security, employee supervision, and network troubleshooting are addressed as effectively as internet MITM and surveillance threats have been, we, on behalf of our members, are asking the TLS 1.3 Working Group to delay Last Call until a workable and scalable solution is identified and vetted, and ultimately adopted into the standard by the TLS 1.3 Working Group. Sincerely, Andrew Kennedy Senior Program Manager, BITS _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Paterson, Kenny
- Re: [TLS] Industry Concerns about TLS 1.3 Kyle Rose
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Dave Garrett
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Thijs van Dijk
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- [TLS] debugging tools [was: Industry Concerns abo… Nikos Mavrogiannopoulos
- Re: [TLS] debugging tools [was: Industry Concerns… Stephen Farrell
- Re: [TLS] debugging tools [was: Industry Concerns… Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yaron Sheffer
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Adam Caudill
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Bowen
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Pawel Jakub Dawidek
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Brian Sniffen
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Hovav Shacham
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Pascal Urien
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Judson Wilson
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Michał Staruch
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ronald del Rosario
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Joachim Strömbergson
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] debugging tools [was: Industry Concerns… Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Sean Turner
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni