Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Salz, Rich" <rsalz@akamai.com> Sun, 16 July 2017 09:19 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Colm MacCárthaigh <colm@allcosts.net>, Ted Lemon <mellon@fugue.com>
CC: Matthew Green <matthewdgreen@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RF_wpA-6e3hZkXfyPbb3NY-KH8Q>

> The main one I'm concerned about is me having to support non-TLS1.3 clients ;-) 1RTT key exchange is worth it alone.

The key point here is within the enterprise.

The amount of work one development team has to do, compared to the world, doesn't matter.