Re: [TLS] Four concerns (was Re: draft-rhrd-tls-tls13-visibility at IETF101)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 14 March 2018 22:21 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8D6012D77B for <tls@ietfa.amsl.com>; Wed, 14 Mar 2018 15:21:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BrU-D0NY-iei for <tls@ietfa.amsl.com>; Wed, 14 Mar 2018 15:21:19 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32FA81276AF for <tls@ietf.org>; Wed, 14 Mar 2018 15:21:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5D63BBE4D; Wed, 14 Mar 2018 22:21:17 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZZvlCh71TyT; Wed, 14 Mar 2018 22:21:15 +0000 (GMT)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9658ABDF9; Wed, 14 Mar 2018 22:21:15 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1521066075; bh=7rH0sCUbO1sQtSCcFNhwDhGuoz0qJQt5JDVFA8bHZCY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=0OuVMoxx1nACccbGmppBNeItjYQd1qc4NnG7VVRuAWMj7weFseoTSk/ZPj9RTTCga ORY+IMlZR9quANeW0pPIAl5esfs950pYaf6jVc1dJnEI0IJ0u1d2vR/2yjfaRNL8q6 aoXJ4jJZ2NgW9fZM0ssrxJ6Zd4VIEIcTvScTJZwg=
To: "Salz, Rich" <rsalz@akamai.com>, Hot Middlebox <hot.middlebox@gmail.com>
Cc: IETF TLS <tls@ietf.org>
References: <CABkgnnUiQsCtQ+u_-yAg90FkLOM96PunqoeyeOP-9AvJhpdtPw@mail.gmail.com> <99D1D595-F5FA-439B-A7EF-882F82EF587E@akamai.com> <CAEPpgVDXQRDDG5UwKxLvoYXBL7NFxtftjd=kFutgKxXd91mWaA@mail.gmail.com> <7B23C71A-22D2-4537-B60F-6F680021A2EE@akamai.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <73564543-02f4-968e-0b2a-13d0885e1b07@cs.tcd.ie>
Date: Wed, 14 Mar 2018 22:21:15 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <7B23C71A-22D2-4537-B60F-6F680021A2EE@akamai.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Pc2nL91MeSSyO97ZeFqmnHzlK2H2DDTtV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PPszN0TqpLGY2mcC7T8Pp2S5-NU>
Subject: Re: [TLS] Four concerns (was Re: draft-rhrd-tls-tls13-visibility at IETF101)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2018 22:21:22 -0000

Hi Rich (and Tony Rutkowski == hot_middlebox I assume?)

On 14/03/18 22:17, Salz, Rich wrote:
>   *   The requirements for visibility exist in an array of regulated environments worldwide.  It is one of the presentation areas in the Hot Middlebox Workshop.  http://www.etsi.org/etsi-security-week-2018/middlebox-security?tab=1<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.etsi.org_etsi-2Dsecurity-2Dweek-2D2018_middlebox-2Dsecurity-3Ftab-3D1&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=Yz_0b8nsA9CDyOxIGLCsjdmfsbcx2aanAH-oeuvMpkk&s=NW0inE5_1gzb4brUZGMm47dZyrYtkYXtAXf7Ii6S8kk&e=>
> 
> Do you know if they require packet traces to be decoded, or if one of the nodes can just log the traffic?  Do they require this to be true for traffic over the public Internet or just within an enterprise?
> 
> 

I see no content at that URL. This seems to be another case of
claiming regulations exist but yet again being unable to point
to any such regulation that others can read. (And yes, we did
this before for PCI-DSS so let's not repeat that if there's no
new information offered.)

S.

> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>