Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Dobbins, Roland" <rdobbins@arbor.net> Sat, 15 July 2017 18:03 UTC

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "Ackermann, Michael" <MAckermann@bcbsm.com>
CC: Ted Lemon <mellon@fugue.com>, IETF TLS <tls@ietf.org>, Matthew Green <matthewdgreen@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_UXclP4t4DyESgbzWsePQiDOXew>


On Jul 15, 2017, at 22:36, Ackermann, Michael <MAckermann@bcbsm.com> wrote:

> That being the unencrypted stream is available to the endpoints

Even where it is eventually available, they don't have the horsepower to capture & forward.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>