Re: [TLS] chairs - please shutdown wiretapping discussion...

"Ackermann, Michael" <MAckermann@bcbsm.com> Mon, 10 July 2017 20:21 UTC

Return-Path: <mackermann@bcbsm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCDD31318A3 for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 13:21:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.092
X-Spam-Level:
X-Spam-Status: No, score=-4.092 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=bcbsm.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mGH-RXNO5jnN for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 13:21:01 -0700 (PDT)
Received: from mx.z120.zixworks.com (bcbsm.zixworks.com [199.30.235.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E01112F258 for <tls@ietf.org>; Mon, 10 Jul 2017 13:21:01 -0700 (PDT)
Received: from 127.0.0.1 (ZixVPM [127.0.0.1]) by Outbound.z120.zixworks.com (Proprietary) with SMTP id BB2C11C18FB for <tls@ietf.org>; Mon, 10 Jul 2017 15:21:00 -0500 (CDT)
Received: from imsva2.bcbsm.com (unknown [12.107.172.81]) by mx.z120.zixworks.com (Proprietary) with SMTP id 0AC081C184F; Mon, 10 Jul 2017 15:21:00 -0500 (CDT)
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CACF2FE055; Mon, 10 Jul 2017 16:20:59 -0400 (EDT)
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 95B29FE048; Mon, 10 Jul 2017 16:20:59 -0400 (EDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (unknown [216.32.180.51]) by imsva2.bcbsm.com (Postfix) with ESMTPS; Mon, 10 Jul 2017 16:20:59 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.onmicrosoft.com; s=selector1-bcbsm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=mQUItYaYpgnh7QMdy04ZOGdc8gswlJpmzaGbrQn6GFg=; b=5yBEpoVaxa7z1oVJC3O+qoXfq52lvfVoKe5+LIwy/krdzPQjBCUi5dsRR7i5JYKr6WsOxj44DKXACNtHCM+9AV9Ij9Y4Zy7nD4OWPSPUBm0g9nseMqtTKVhBYy4eD9HkxyXfuBaV6QGX45isC46GTr2kUzvSagEeHehKaCBgPys=
Received: from CY4PR14MB1368.namprd14.prod.outlook.com (10.172.158.148) by CY4PR14MB1365.namprd14.prod.outlook.com (10.172.158.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1240.13; Mon, 10 Jul 2017 20:20:58 +0000
Received: from CY4PR14MB1368.namprd14.prod.outlook.com ([10.172.158.148]) by CY4PR14MB1368.namprd14.prod.outlook.com ([10.172.158.148]) with mapi id 15.01.1240.020; Mon, 10 Jul 2017 20:20:58 +0000
From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Polk, Tim (Fed)" <william.polk@nist.gov>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] chairs - please shutdown wiretapping discussion...
Thread-Index: AQHS+YQI7m7fVGNOTUGFuL/08f/fM6JNIUiQgABTlgCAAAqIoA==
Date: Mon, 10 Jul 2017 20:20:57 +0000
Message-ID: <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie>
In-Reply-To: <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=bcbsm.com;
x-originating-ip: [165.225.39.61]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR14MB1365; 20:k2+XoAX1QhNpm6GsraKdo8rs1d4GRFBxEbZcS/NLri/T0vCsgXgf+Oijds4NW9E8kHLEcjqzv+A8eomVJDbI9ZNmpcr9h8YmT5PWD8gGBRFHT7NfDGSlx2DugFKqeEuebZWGqWhi2uTGW7mM690cFok2ojniQn5EkHiJhrtDguM=
x-ms-office365-filtering-correlation-id: 3a1761b8-06a1-4c1e-7836-08d4c7d12cf5
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CY4PR14MB1365;
x-ms-traffictypediagnostic: CY4PR14MB1365:
x-microsoft-antispam-prvs: <CY4PR14MB13653A401DF21A810C2877E8D7A90@CY4PR14MB1365.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(32856632585715)(158342451672863)(65766998875637)(236129657087228)(86572411397741)(247924648384137);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(2017060910075)(5005006)(8121501046)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123555025)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR14MB1365; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR14MB1365;
x-forefront-prvs: 03648EFF89
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39410400002)(39450400003)(39400400002)(377454003)(13464003)(24454002)(86362001)(9686003)(99286003)(189998001)(55016002)(72206003)(8656002)(6246003)(8676002)(53936002)(50986999)(478600001)(6436002)(76176999)(66066001)(54356999)(2900100001)(6116002)(6506006)(8936002)(305945005)(102836003)(3846002)(74316002)(33656002)(80792005)(81166006)(77096006)(5660300001)(2501003)(2906002)(3280700002)(7736002)(38730400002)(229853002)(14454004)(3660700001)(2950100002)(7696004)(53546010)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR14MB1365; H:CY4PR14MB1368.namprd14.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: bcbsm.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2017 20:20:57.9937 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6f56d3fa-5682-4261-b169-bc0d615da17c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR14MB1365
X-TM-AS-GCONF: 00
X-VPM-HOST: vmvpm01.z120.zixworks.com
X-VPM-GROUP-ID: 1c99a0c3-2607-4e47-ba65-d32be585f9a8
X-VPM-MSG-ID: c7ad081f-25e0-4a52-b27a-c4e148248454
X-VPM-ENC-REGIME: Plaintext
X-VPM-IS-HYBRID: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PB1ui4tqAFluk18Lvgx3B34TNCs>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 20:21:05 -0000

Then we read 2804 differently.     When I read 2804,  the contained discourses on what is and is not wiretapping,  clearly says to me,  that what Enterprises do within their networks,  is NOT wiretapping according to 2804 (or to me for that matter).  

We (and many others in this discussion),  have different perspectives.   Perhaps this is a contributing reason the Chairs determined it should continue.     I sincerely hope this will lead to some mutually acceptable dialogue and related solutions.  



-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Monday, July 10, 2017 3:37 PM
To: Ackermann, Michael <MAckermann@bcbsm.com>;; Polk, Tim (Fed) <william.polk@nist.gov>;; tls@ietf.org
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...



On 10/07/17 16:30, Ackermann, Michael wrote:
> Given the above scenario,  I do not understand how this can be construed as "Wiretapping".    2804 seems to make this clear.

TLS is much more widely used that you seem to imagine.

Please see the comments to the effect that there is no way to control to location of the wiretap/TLS-decrypter in the protocol.

If that's not obvious, I don't know how to explain it further.

See also text in 2804 wrt tools being used for more than initially envisaged.

And if coercion of a server to comply with a wiretap scheme like this stills fanciful to you, please check out the history of lavabit - had there been a standard wiretap API as envisaged here it's pretty certain that would have been the device of choice in a case like that.
While it's easy enough to envisage many other abuses that could be based on this wiretap scheme, that one is a good match and a real one.

> Such critical colloquy,  with significant long term impact,  should 
> not be prematurely terminated,  IMHO

"Premature" is nonsense, this debate has gone on too long already.

S.




The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.