Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sat, 15 July 2017 16:23 UTC

In-Reply-To: <14403761-47B4-4F6C-BF89-2553D180E776@arbor.net>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAL02cgRJeauV9NQ2OrGK1ocQtg-M2tbWm2+5HUc4-Wc8KC3vxQ@mail.gmail.com> <71E07F32-230F-447C-B85B-9B3B4146D386@vigilsec.com> <39bad3e9-2e17-30f6-48a7-a035d449dce7@cs.tcd.ie> <CAJU8_nXBFkpncFDy4QFnd6hFpC7oOZn-F1-EuBC2vk3Y6QKq3A@mail.gmail.com> <f0554055-cdd3-a78c-8ab1-e84f9b624fda@cs.tcd.ie> <A0BEC2E3-8CF5-433D-BA77-E8474A2C922A@vigilsec.com> <87k23arzac.fsf@fifthhorseman.net> <D37DF005-4C6E-4EA8-9D9D-6016A04DF69E@arbor.net> <871spirljc.fsf@fifthhorseman.net> <14403761-47B4-4F6C-BF89-2553D180E776@arbor.net>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sat, 15 Jul 2017 12:22:22 -0400
Message-ID: <CAHbuEH6B5JFs_NcfppzDa+NfV2NSj9w0WLRL+4HU2SwA1=aLYw@mail.gmail.com>
To: Roland Dobbins <rdobbins@arbor.net>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Matthew Green <matthewdgreen@gmail.com>, IETF TLS <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/__07Dp_OuzcxOmbAJ2S-sUF6zBE>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01

On Sat, Jul 15, 2017 at 7:59 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
> On 15 Jul 2017, at 18:23, Daniel Kahn Gillmor wrote:
>
>> Whether it justifies a loss of security is a separate question.
>
>
> It isn't a loss of security - it's actually a net gain for security.
> Network visibility, independent of any end-host, is a key requirement for
> network security.

Visibility, yes, but I don't agree that you can't protect the network
if traffic is encrypted.  Many incident response teams are able to use
indicators of compromise (IoCs) for encrypted streams.

>
> As to the specific regulations, folks from the appropriate verticals will
> need to speak up.  I know vaguely that there are regulations in the
> financial sector and the defense contracting sector which apply, but can't
> cite chapter and verse.
>
> I'm sure someone on the list can, however.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>



-- 

Best regards,
Kathleen
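The claim above, that incident responders can apply indicators of compromise to encrypted streams, rests on the fact that a TLS handshake still exposes matchable metadata in the clear: the ClientHello's SNI, cipher suites, extensions, groups and point formats (the fields the JA3 fingerprint is built from). The following is an added example, not part of the original message or of any IETF draft, written here to show what such matching looks like without any decryption. It parses a ClientHello record, derives the JA3 string and hash, and checks both the SNI and the fingerprint against a small indicator feed. The sample ClientHello bytes, the domain `beacon.example.invalid`, and the indicator sets `SNI_IOCS` / `JA3_IOCS` are all constructed for this example; the JA3 indicator is deliberately computed from the sample itself so that the match path is exercised.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3: 0x0a0a, 0x1a1a, ..., 0xfafa
GREASE = {0x0a0a + i * 0x1010 for i in range(16)}


def _u16(b: bytes, i: int) -> int:
    return struct.unpack("!H", b[i:i + 2])[0]


def parse_client_hello(record: bytes) -> dict:
    """Parse a TLS record carrying a ClientHello and return the JA3-relevant fields."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    version = _u16(body, pos); pos += 2
    pos += 32                                   # client random, not fingerprinted
    pos += 1 + body[pos]                        # legacy session_id
    cs_len = _u16(body, pos); pos += 2
    ciphers = [_u16(body, i) for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                        # compression methods
    ext_types, groups, formats, sni = [], [], [], None
    if pos + 2 <= len(body):
        end = pos + 2 + _u16(body, pos); pos += 2
        while pos + 4 <= end:
            etype, elen = _u16(body, pos), _u16(body, pos + 2); pos += 4
            data = body[pos:pos + elen]; pos += elen
            ext_types.append(etype)
            if etype == 0x0000 and len(data) >= 5:        # server_name: plaintext SNI
                sni = data[5:5 + _u16(data, 3)].decode("ascii", "replace")
            elif etype == 0x000a and len(data) >= 2:      # supported_groups
                groups = [_u16(data, i) for i in range(2, 2 + _u16(data, 0), 2)]
            elif etype == 0x000b and len(data) >= 1:      # ec_point_formats
                formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": ext_types,
            "groups": groups, "formats": formats, "sni": sni}


def ja3_string(ch: dict) -> str:
    """JA3: SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats (GREASE dropped)."""
    def nog(vals):
        return "-".join(str(v) for v in vals if v not in GREASE)
    return ",".join([str(ch["version"]), nog(ch["ciphers"]), nog(ch["extensions"]),
                     nog(ch["groups"]), "-".join(str(f) for f in ch["formats"])])


def ja3_hash(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


# Constructed sample: a TLS 1.2-framed ClientHello offering TLS 1.3, with GREASE
# entries sprinkled in, as a modern browser-style client would send.
SAMPLE_CLIENT_HELLO = bytes.fromhex(
    "160301 0073"                     # record: handshake, version 3.1, length 115
    "01 00006f"                       # handshake: ClientHello, length 111
    "0303"                            # client_version 0x0303 (771)
    + "11" * 32 +                     # random (constructed filler)
    "00"                              # session_id length 0
    "0008 0a0a 1301 c02b c02f"        # cipher_suites: GREASE, 1301, c02b, c02f
    "01 00"                           # compression: null only
    "003e"                            # extensions length 62
    "0a0a 0000"                       # GREASE extension, empty
    "0000 001b 0019 00 0016" + "beacon.example.invalid".encode().hex() +   # server_name
    "000a 0008 0006 0a0a 001d 0017"   # supported_groups: GREASE, x25519, secp256r1
    "000b 0002 01 00"                 # ec_point_formats: uncompressed
    "002b 0005 04 0304 0303"          # supported_versions: 1.3, 1.2
)

# Constructed indicator feed (not from any real threat-intel source).
SNI_IOCS = {"beacon.example.invalid", "update.example.invalid"}
JA3_IOCS = {ja3_hash("771,4865-49195-49199,0-10-11-43,29-23,0")}  # matches the sample above


def match_iocs(record: bytes) -> dict:
    """Return the observable handshake metadata plus any indicator hits, without decrypting anything."""
    ch = parse_client_hello(record)
    s = ja3_string(ch)
    h = ja3_hash(s)
    hits = []
    if ch["sni"] in SNI_IOCS:
        hits.append(f"sni:{ch['sni']}")
    if h in JA3_IOCS:
        hits.append(f"ja3:{h}")
    return {"sni": ch["sni"], "ja3": s, "ja3_hash": h, "hits": hits}


if __name__ == "__main__":
    print(match_iocs(SAMPLE_CLIENT_HELLO))
```

The same approach extends to the server side (certificate fingerprints from the Certificate message in TLS 1.2, JA3S on the ServerHello) and to flow-level features, none of which need the session keys. The caveat is that the SNI indicator depends on the server name being sent in the clear; a fingerprint over the rest of the ClientHello survives even if the name is later hidden, which is why responders tend to pair both kinds of indicator.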