Re: [TLS] Industry Concerns about TLS 1.3

BITS Security <> Fri, 23 September 2016 19:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D512812BC32 for <>; Fri, 23 Sep 2016 12:31:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TMFTVEyb2rG1 for <>; Fri, 23 Sep 2016 12:31:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7355F12BC2B for <>; Fri, 23 Sep 2016 12:31:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-fsroundtable-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+byTK/99H2t2JuPJUOCXUAh/8vejTaSiX/n3sDJAOBY=; b=Ao57KQ22PZEvHAyPpqUkcWc8TxGiFLoWL90Q4/vD06+M+dmzytAOajh3oDsccDO2PGfuK3F6EwtOvcMzXvEzuynBsVW+asygC0sunrFtCJv322u+G7O5OzES7yCtxC3uuKIQhdninnqizvadSQPy7Xd8aCEbK79OgMvP+UttJME=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.619.10; Fri, 23 Sep 2016 19:31:44 +0000
Received: from ([]) by ([]) with mapi id 15.01.0619.011; Fri, 23 Sep 2016 19:31:44 +0000
From: BITS Security <>
To: Watson Ladd <>, "Ackermann, Michael" <>
Thread-Topic: [TLS] Industry Concerns about TLS 1.3
Date: Fri, 23 Sep 2016 19:31:44 +0000
Message-ID: <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: []
x-ms-office365-filtering-correlation-id: eccf14d3-2c40-46a8-4f78-08d3e3e84094
x-microsoft-exchange-diagnostics: 1; DM5PR11MB1417; 6:VEmDDOJVkIjJqr5csTD8bWXDXq44FnPoRRBgKc1qN01KZF69ZMfiLUg9HxgTXI0t5TT5kMF1GmBdZVz46vVB6He/Q5qQmPacfMJFGsRoG6xJXpX8G2A46afc3SgKGGKxOr0Lr/jCJDOXldlWLFXD3r8+pavKk78R+tWx8IXy2ZMN+YLOT8lodrtBiVq1tQsVcNY4rctUpifAjyMxjaTd0k8UBLprc6hpZk/WPG8U03iwNgFNXFvQTSPKiezdAAM2CQD/IUTexIt+tykwzSvt2LK6bnZcvL+ZKOhjHcENXmAFelK9NMy+pDN4nZBN5SSp; 5:feQ7+965aw7t3RhwwZFU15pN0yUpkUedkhw32lhypGx9NsRukHZXMf63te0XwHXnUE32Lh2BPXJF3be0ph1H/SJ5y0dO/Ncr8OULKJH4BXOUS9CG0NWfHkNnIYY5UHL+mfnq8MtEi5e7cagtyQ9KEA==; 24:tI6AWLtyGv424ZGQQT9zYoi9le0D4451WAPJdvJoAM2m8YC07VQ87uOOTsy5SqCcdQiB79wqYr1QwfVf6LtHXV6TDdvYDDhYWsFn8yB5EeM=; 7:P1yq1HXV4mBuM5OcobyYA7woFQhScRCJfCYcDYhKJs52PxRjF3txkYChyVzr1pxfwx7UWTtuNoFtoqQURn4r+RuSpRafo59P0DSKp6ZulIBRt3CCF+70GqccRjPoT2xI41vh6pL4Mmx1QHPm+X/8yELyuX+qQFWlFxZh28/Ahb09Ln6RAMUh3Y+Spg7xLNEmbbl99sS+y5/vR38ylSgWzzlTTSBsGhOJDz4o6Qkiomg1xMSIX0MHY2unVMpn4EdWxp6Wk6WPt/cNnWqU782x6fRpyNjLl+dY5GMhN0BdQDX59N2fxDBFM6tZW0NbUiZW
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM5PR11MB1417;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(72170088055959)(192374486261705)(86572411397741)(266576461109395);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6042046)(6043046); SRVR:DM5PR11MB1417; BCL:0; PCL:0; RULEID:; SRVR:DM5PR11MB1417;
x-forefront-prvs: 0074BBE012
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(24454002)(189002)(377454003)(13464003)(85714005)(199003)(105586002)(50986999)(99286002)(15975445007)(5002640100001)(87936001)(31430400001)(9686002)(76576001)(189998001)(19580405001)(101416001)(6116002)(586003)(3846002)(68736007)(102836003)(19580395003)(77096005)(11100500001)(66066001)(7696004)(2900100001)(92566002)(86362001)(8936002)(7846002)(106356001)(8676002)(3280700002)(305945005)(10400500002)(5660300001)(4326007)(76176999)(33656002)(7736002)(3660700001)(93886004)(551934003)(122556002)(74316002)(81156014)(81166006)(80792005)(5001770100001)(54356999)(2906002)(97736004)(2950100002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1417;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2016 19:31:44.3049 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 841de5a0-73e8-4cbc-8142-f80b225ef22d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1417
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 23 Sep 2016 19:31:50 -0000

> What exactly is the problem you are concerned with? As I've pointed out previously one can still log the contents of TLS protected
> connections: you do this at the client, or with an intercepting proxy.
> What information does this not get you that you need on the network?

For enterprises using Content Delivery Networks, the TLS session from the browser ends at the edge server in the Content Delivery Network.  The session that the enterprise sees is completely different: different IP's and ports, different TLS session, different application layer content because of caching, different network behavior (like packet drops and retransmissions).  If some infrastructure component in the data center is causing a problem, a trace on the browser side is blind to that.  An additional problem is that Microsoft does not allow logging of ephemeral keys in their browser. 

Likewise endpoint logging in the data center often does not provide adequate data to isolate the fault domain and/or the root cause of a problem.  Logs tell you that an event happened but not why it happened or which infrastructure component was the cause of the problem. For example, a log may indicate that a call was made that either didn't get answered or received a slow answer, but there could be ten infrastructure components between the server that made the call and the destination server that is supposed to answer.   

>From the time a packet enters a data center, it is travelling through routers, switches, firewalls, load balancers, web servers, app servers, middleware servers, and possibly hitting a mainframe, all TLS encrypted for many enterprises.  Frequently, source and destination IP's are NAT'ed multiple times, so there is no visible relationship between the packet that enters the data center and the same call at deeper layers of the infrastructure.  Any one of these infrastructure nodes could be the cause of a problem.  The way to isolate the fault domain of a problem is to take a packet trace at each tier of the application infrastructure and look at the application layer data in a decrypted trace in order to find the transaction that is failing. 

Large enterprises have built up robust out-of-band packet capture infrastructures in order to provide better network and application layer visibility than what logs provide.  Packet brokers and sniffers can handle 10 Gbits/sec. line rate or more of traffic, including write to disk at 20 Gbits/sec. or more.  This is needed because when IP's are NAT'ed, you have to trace everything in and out of a particular server and then decrypt in order to find the transaction of interest.  Some endpoints and/or infrastructure components have packet capture capability, but most are not robust enough to handle this kind of packet capture load in a busy production environment. 

There can be twenty or more layers to a large application, all TLS encrypted, that need to be inspected for troubleshooting, and replacing this with MITM infrastructure is not scalable.  Likewise, there can be hundreds of physical network taps feeding security monitoring tools like IDS/IPS, malware detection, and fraud monitoring.  Threats are coming not just from the Internet, but also from internal or 3rd party machines that have been compromised and then start reconnaissance from a wide variety of locations.  Large enterprises also have complex virtual environments which can be running TLS between VM's.  There is no scalable way to intercept VM to VM TLS that never leaves the virtual server.


-----Original Message-----
From: TLS [] On Behalf Of Watson Ladd
Sent: Friday, September 23, 2016 11:44 AM
To: Ackermann, Michael <>
Subject: Re: [TLS] Industry Concerns about TLS 1.3

On Fri, Sep 23, 2016 at 8:31 AM, Ackermann, Michael <> wrote:
>  I am not sure I understand what your reply means?
> Is it that we should create or even allow an environment to develop,  where all providers of service cannot  provide effective diagnostics and support?   And then see the constituents of these industries collapse together.     And only then realize we have an issue?
> I hope I am  not understanding correctly.     IETF is supposed to be looking ahead to provide better answers and circumvent predictable problems.    Not ignoring,  waiting and then reacting to negative situations that can and should be avoided.

What exactly is the problem you are concerned with? As I've pointed out previously one can still log the contents of TLS protected
connections: you do this at the client, or with an intercepting proxy.
What information does this not get you that you need on the network?

> What I am saying,  in relation to your "Delivering a stable product"  comment is that over time various industries have learned what it takes to "Deliver a stable product".    We did not want to invest millions in these debugging networks.   But  we learned the hard way,  that it was necessary.
> I am not a member of the banking coalition that started this subject,  nor of the banking industry at all,  but I certainly understand their perspective and am concerned about  the same unmanageable future they described.

Do  Akami, Cloudlflare and Google magically not have these problems?
> Thanks
> Mike
> -----Original Message-----
> From: Jeffrey Walton []
> Sent: Friday, September 23, 2016 10:55 AM
> To: Ackermann, Michael <>
> Cc: BITS Security <>;
> Subject: Re: [TLS] Industry Concerns about TLS 1.3
> On Fri, Sep 23, 2016 at 10:46 AM, Ackermann, Michael <> wrote:
>> From the perspective an Enterprise that runs these applications and has invested HEAVILY in the debugging networks.........
>> The reason we are debugging these networks is so that "The 5-6 order of magnitude of folks using them"  will have good service.   If they do not,  they will consider competitors and/or generate a litany service calls or complaints.        I.E.     When these "Folks"  are slow or not working they are just as unhappy as we are.
> Isn't that the market operating as expected? Those who deliver a stable product at a competitive price are rewarded, while those who fail to deliver or deliver at an unreasonable cost are not? (Some hand waiving).
> If all providers failed to deliver or delivered an inferior product, then it might indicate a major course correction is needed. But I don't think that's the case here.
> Jeff
> The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
> _______________________________________________
> TLS mailing list

"Man is born free, but everywhere he is in chains".

TLS mailing list