Re: [TLS] chairs - please shutdown wiretapping discussion...

"Polk, Tim (Fed)" <william.polk@nist.gov> Mon, 10 July 2017 13:54 UTC

Return-Path: <william.polk@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABE47130A94 for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 06:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1mAX80wuAtSf for <tls@ietfa.amsl.com>; Mon, 10 Jul 2017 06:54:28 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0099.outbound.protection.outlook.com [23.103.201.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5006131790 for <tls@ietf.org>; Mon, 10 Jul 2017 06:54:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=MTzSPOGjmtiFnqx2NQQW6vocqQ57DYHy0HhshBq0DY0=; b=G1JMdVeeEaujvDvX/p9HxReDED0eaLOOBrezxLggdoGHc9SYUHHwIORS5BP/hsPF2irFnmiNWTlLay/qMqP7lh34RkJYZ0MFqVl+wjmugVpzlDlNUcX9zDDXgV8hSiy8bahAFmeGzStOa0SfJum1Q+nXqE6/8Al7r5qzkF86coM=
Received: from DM2PR09MB0778.namprd09.prod.outlook.com (10.161.145.150) by DM2PR09MB0780.namprd09.prod.outlook.com (10.161.145.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1240.13; Mon, 10 Jul 2017 13:54:22 +0000
Received: from DM2PR09MB0778.namprd09.prod.outlook.com ([fe80::29fb:f7d4:8b2f:ea68]) by DM2PR09MB0778.namprd09.prod.outlook.com ([fe80::29fb:f7d4:8b2f:ea68%18]) with mapi id 15.01.1240.020; Mon, 10 Jul 2017 13:54:22 +0000
From: "Polk, Tim (Fed)" <william.polk@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] chairs - please shutdown wiretapping discussion...
Thread-Index: AQHS+YQIkhmcFWt6zaIizuL4wYEuLg==
Date: Mon, 10 Jul 2017 13:54:22 +0000
Message-ID: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.23.0.170610
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.226.182]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM2PR09MB0780; 7:cqU4PXy9bQfVRvK5gCYO3NhIUl2eoN/EcDSjqPUWZ8vX2KeNfzd5eb56YikU95fMAoXlKqqK2kQNU1aPcLoXD7JWr3hP49oTEb+cxhElqRutWUbHKrIGYs3/KbZmtrZJeKzMPJYvHwiV0kEiBTfMTyak5Vfsf1RulbIcfXrTWAVDPsfkuzIBAftggc255W6vUsQHT+K1vkVmSuLgjqYgbRMXTqsX1L4MUqaLKRjQN4osAv9QmtS/czzAxMBUFg+oFGyJyYSY0tXFs9JF5Uk790+MYMueAxKVWvpCZWoVEBmn08ZRuOuGMjWfJv3W9oUB8OQ4/KxLX9l4NtoGwCQedyuJAIJABKNcVpqZwkysMfpMoQte9YLujIbmZxXgNdcpEHBrXwsLcIih99TWcR3A4jBpi559z0HFbtzKOsseUpdENVQNLfIVZwJd45DgnUtyrV76MCGJOoXlFjXHIqvxdNelinME8NeW/tfxhyWX+/WqOm5g3KyRgyTPu2HYvZdw0lfUo0w2KEw+vEu1J4yqAoJbE5A3b3BuEGwGRn9eDXLor6TFnlS6zsobhayoweuv0Ov0Rqvwp7YaEagU4P/1ed23v6LHhz8MSkH8Ipqq3MFC3dzxyOm3HOec520rZ5HphEIiKoZB8MTCgRmYK764Mb+GMva6uYbeLEuuvmsh7X6mXbZGiVdNeuxoF4pEp3xEpvBQqK4Xd7ICYw4cZ7cfQ7iuZi9eP67oPTO+20UPM4oG9FCfaz5RcIdTfSUS0PZRWQuTCM2L+nKtm4c9+2VADKHlM2O05JRZJMxAXWbGJbs=
x-ms-office365-filtering-correlation-id: 5d283f88-3e94-4fab-bbe1-08d4c79b2b5a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(48565401081)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM2PR09MB0780;
x-ms-traffictypediagnostic: DM2PR09MB0780:
x-microsoft-antispam-prvs: <DM2PR09MB0780D49C9CDCBCA454F5B41BE7A90@DM2PR09MB0780.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(151999592597050)(278178393323532)(26388249023172)(236129657087228)(192374486261705)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(2017060910075)(8121501046)(5005006)(10201501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(6055026)(6041248)(20161123558100)(20161123560025)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR09MB0780; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR09MB0780;
x-forefront-prvs: 03648EFF89
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39850400002)(39400400002)(39450400003)(39840400002)(39410400002)(6246003)(14454004)(2900100001)(5640700003)(53936002)(99286003)(2501003)(38730400002)(3660700001)(2906002)(54896002)(5250100002)(6916009)(3280700002)(110136004)(6512007)(6306002)(2351001)(6436002)(66066001)(36756003)(4001350100001)(478600001)(33656002)(6486002)(102836003)(25786009)(3846002)(50986999)(5660300001)(6116002)(229853002)(189998001)(561944003)(83506001)(8676002)(6506006)(83716003)(82746002)(1730700003)(81166006)(8936002)(54356999)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR09MB0780; H:DM2PR09MB0778.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_E9640B43B3AD48D7910DF284030B5466nistgov_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2017 13:54:22.5588 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR09MB0780
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Sydj2J9BXQ7W-e2ulDoFrjGQ52A>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 13:54:31 -0000

First, I do not see this as a “wiretapping discussion” based on my reading of 2804, although others may disagree.

Second, I believe that this discussion should go forward based on several points:

  1.  this proposal does not involve any changes to the bits on the wire specified in the TLS 1.3 document
  2.  this proposal offers significantly better security properties than current practice (central distribution of static RSA keys)
  3.  alternative solutions with significantly worse security properties are also feasible under TLS 1.3, and I would like to avoid them!

We should be in the business of developing pragmatic, interoperable solutions with appropriate security properties.  Balancing cryptographic security with other security requirements to achieve such solutions should be an acceptable path, and pursuing this work in the TLS working group gives the IETF the best opportunity to influence these solutions.