Re: [TLS] datacenter TLS decryption as a three-party protocol

Sean Turner <sean@sn3rd.com> Mon, 24 July 2017 15:04 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <855f7890734c4bdb9d65ce961712a6e0@venafi.com>
Date: Mon, 24 Jul 2017 17:04:14 +0200
Cc: "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <117AB406-6D6A-4F34-B201-72D2B7C92CE2@sn3rd.com>
References: <CAAF6GDeFuRy0DN6w3FwmR_nh1G=YBi4+qiEcw0MfSRj4SUCbZQ@mail.gmail.com> <20170720200114.AA2F91A6CB@ld9781.wdf.sap.corp> <06AE85BC-87AD-4CA5-8408-44F670358701@ll.mit.edu> <20170720203238.e66zurx5yn2jja3a@LK-Perkele-VII> <17109486-336E-44C0-B9FC-D65EE14310B5@ll.mit.edu> <20170723070240.x7kmynzmu4jqco5t@LK-Perkele-VII> <C0772D29-CB26-418F-981B-BC2E2435E655@ll.mit.edu> <35FD3356-8300-405A-B8D8-FC2574DB9A56@fugue.com> <EC5396F6-98D2-4A04-94E5-1618BC8A2C5D@genesys.com> <636eb20e-f4e4-0fac-b5da-c12ccc1d6c6b@cs.tcd.ie> <855f7890734c4bdb9d65ce961712a6e0@venafi.com>
To: Paul Turner <PAUL.TURNER@venafi.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YpOp7P68Q1SJNArWovScMTvAmzA>

> On Jul 24, 2017, at 16:27, Paul Turner <PAUL.TURNER@venafi.com> wrote:
> 
> It's fascinating that people cannot seem to stop picking at the scab remaining after draft-green. I really think we'd be wiser to just let the wound heal. (And get on with the work that this WG has been chartered to do, which does not include wiretapping.)
> 
> Sorry to ask for this so late in the conversation but can you point me to the definition of the term "wiretapping" you're using?

Paul,

Check out https://datatracker.ietf.org/doc/rfc2804/

spt