Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Salz, Rich" <rsalz@akamai.com> Sat, 08 July 2017 22:21 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>, Matthew Green <matthewdgreen@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Sat, 08 Jul 2017 22:21:10 +0000
Message-ID: <d07c8729338a4370acbc0befabc95f98@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAOjisRxxN9QjCqmDpkBOsEhEc7XCpM9Hk9QSSAO65XDPNegy0w@mail.gmail.com>
In-Reply-To: <CAOjisRxxN9QjCqmDpkBOsEhEc7XCpM9Hk9QSSAO65XDPNegy0w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WweNMXXvI5_flgF5GUhL33jLH4Y>

> 1) Both server and client must explicitly opt-in

Why can't it be implicit such as when you click-through on the website's terms of service?

> 2) A third party should be able to tell whether or not this feature is enabled by observing the stream

Why?  Because we want to watch who's doing it?  Do we watch who is leaking plaintext?