Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Dobbins, Roland" <rdobbins@arbor.net> Sat, 15 July 2017 10:00 UTC

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Ted Lemon <mellon@fugue.com>
CC: IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WTlvvC6YexiIqsUDM-Rw1vFFz3g>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>


> On Jul 15, 2017, at 16:30, Ted Lemon <mellon@fugue.com> wrote:
> 
> Roland, the reason that I made that particular comment was to try to show you that the position you have taken here is untenable.

It is not untenable. It is operational really. 

>   There is no such textbook.

As you know, that was a euphemism for 'a moderate degree of operational experience on networks of at least moderate complexity and scope'.  One comes by this knowledge by doing the work.

To deny the reality of the situation as described is equivalent to denying that the sun rises in the East. You can deny it all you want, but it doesn't change the objective facts of the situation. 

>   There is no consensus that what you have said is true.

There is amongst those with actual operational experience. 

>   I understand that you believe it is true,

I *know* it to be true.  It is objective, verifiable fact. 

> and I'm sure it's frustrating that not everybody believes it.

It's not frustrating. It's just indicative that the level of operational experience of many of those engaged on this topic is minimal. 

For myself, I would not presume to interpose myself in a discussion of topics of which I've little understanding, nor would I dismiss the arguments of specialists in the relevant fields without first having educated myself to attain a reasonable degree of understanding of those arguments. 

>   But if you want everybody to believe it, you have to make your case, and not just hand-wave when I ask you for specifics.

It has already been explained in detail. Beyond what I've already explained here, relevant information is readily available both in the context of meetings of this WG and elsewhere on the Internet.

Anyone who has genuine interest in understanding these topics has plenty of information available to be perused.  And it is obvious that if there weren't significant issues at stake, then they wouldn't have been raised in the first place.   

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>