Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Dobbins, Roland" <rdobbins@arbor.net> Wed, 19 July 2017 17:43 UTC

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 19 Jul 2017 17:43:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PEphB0cyd6p1OmmeGjRAxgiPDHQ>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>


> On Jul 19, 2017, at 19:15, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:
> 
> My point is that if you own/control the endpoint, then it doesn’t matter from the architecture point of view

It absolutely matters from an operational perspective, which both informs and is informed by the architecture. 

And even though your overarching organization owns the endpoint, the 'you' who is responsible for troubleshooting and/or security analysis often does not.  

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>