Re: [TLS] chairs - please shutdown wiretapping discussion...

"Blumenthal, Uri - 0553 - MITLL" <> Tue, 11 July 2017 20:59 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <>
To: Christian Huitema <>, Stephen Farrell <>, Ted Lemon <>
Date: Tue, 11 Jul 2017 20:58:56 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

I’d rather not deal with this whole mess.


On 7/11/2017, 16:56, "TLS on behalf of Christian Huitema" wrote:

    On 7/11/2017 1:31 PM, Stephen Farrell wrote:
    > PS: There are also genuine performance reasons why the same
    > DH public might be re-used in some cases, so there would be
    > false positives in a survey to consider as well.
    Well, yes. The classic argument is performance. Saving the cost of
    exponentiation, computing G^X once for many sessions instead of once per
    session. But you reap most of the benefits of that optimization with a
    fairly small number of repetitions. Performance alone is not a good
    reason to use the key over an extended period, nor to share the exact same
    key between all servers in a farm. The fact is that wide reuse of the
    same (EC)DH private key does compromise the security of TLS -- including
    an obvious issue with forward secrecy.
    I get your argument that this can turn into a cat and mouse game.
    Clients detect a bad behavior, misbehaving servers adapt by tweaking the
    behavior to avoid detection, clients get smarter, etc. On the other
    hand, documenting the attack clearly marks this key reuse as not
    desirable and not supported. The public statement provides an argument
    to developers to "just say no" when asked to add the wiretap "feature".
    Detection by clients also provides a clear signal to enterprises that
    they should really find another way to solve their problem.
    In any case, I just submitted PR #1049
    Christian Huitema
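The client-side detection of (EC)DH key_share reuse that Huitema describes, with thresholds that absorb the short-lived, performance-motivated reuse Farrell raises as a false-positive source, as an added example that is not code from the thread or from PR #1049. The threshold values, host names, endpoint addresses and key-share bytes are all constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ShareRecord:
    first_seen: float          # timestamp of the first handshake that used this share
    count: int = 1             # handshakes observed with this share
    endpoints: set = field(default_factory=set)  # server addresses that presented it

class KeyShareReuseDetector:
    """Flags server (EC)DH key_share reuse beyond what performance tuning explains.

    Thresholds are assumed policy values, not numbers from the thread: a few
    repeated handshakes are tolerated (Farrell's false-positive point), while
    long-lived reuse or one share served by several farm members is reported.
    """
    def __init__(self, max_reuse=8, max_age_s=3600):
        self.max_reuse, self.max_age_s = max_reuse, max_age_s
        self.seen = {}  # (sni, group, share bytes) -> ShareRecord

    def observe(self, sni, group, share, endpoint, ts):
        """Record one ServerHello key_share; return the list of findings (empty if fine)."""
        key = (sni, group, bytes(share))
        rec = self.seen.get(key)
        if rec is None:
            self.seen[key] = ShareRecord(first_seen=ts, endpoints={endpoint})
            return []
        rec.count += 1
        rec.endpoints.add(endpoint)
        findings = []
        if rec.count > self.max_reuse:
            findings.append(f"{sni}: share reused {rec.count} times")
        if ts - rec.first_seen > self.max_age_s:
            findings.append(f"{sni}: share age {ts - rec.first_seen:.0f}s exceeds window")
        if len(rec.endpoints) > 1:
            findings.append(f"{sni}: same share from {len(rec.endpoints)} endpoints")
        return findings

def run_sample():
    """Constructed observations: a.example rotates per handshake; b.example's farm shares one key."""
    det = KeyShareReuseDetector(max_reuse=3, max_age_s=600)
    results = {"a.example": [], "b.example": []}
    for i in range(5):  # fresh 32-byte x25519 share every time -> nothing to report
        results["a.example"] += det.observe("a.example", "x25519", bytes([i]) * 32, "10.0.0.1", 100.0 + i)
    share_b = b"\x42" * 32  # one share reused across time and across two farm members
    for ip, ts in [("10.0.1.1", 0), ("10.0.1.1", 60), ("10.0.1.2", 120), ("10.0.1.1", 900)]:
        results["b.example"] += det.observe("b.example", "x25519", share_b, ip, ts)
    return results
```

The per-(SNI, group, share) key matters: the same public value is only meaningful reuse within one group, and tracking distinct endpoints is what exposes the "same key across the whole farm" case separately from plain repetition.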