Re: [TLS] TLS Impact on Network Security draft updated

"Ackermann, Michael" <MAckermann@bcbsm.com> Tue, 23 July 2019 20:46 UTC

From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Mark O <Mark.O=40ncsc.gov.uk@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 23 Jul 2019 20:46:42 +0000
Message-ID: <DM6PR14MB24748FF357654E2971904BFFD7C70@DM6PR14MB2474.namprd14.prod.outlook.com>
References: <LNXP123MB2570E01BA9FFF9412F565800D3C70@LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM>
In-Reply-To: <LNXP123MB2570E01BA9FFF9412F565800D3C70@LNXP123MB2570.GBRP123.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/suWcCpbbv3XXJr_3qwgfgW9xyxw>
Subject: Re: [TLS] TLS Impact on Network Security draft updated

+1
And I would add that the pervasive effects of encryption are not limited to security of systems, but limit the abilities of other system management, monitoring and diagnostic platforms as well.


From: TLS <tls-bounces@ietf.org> On Behalf Of Mark O
Sent: Tuesday, July 23, 2019 4:28 PM
To: tls@ietf.org
Subject: Re: [TLS] TLS Impact on Network Security draft updated



I don't have a preference for whether this draft should become a working group item, or become an AD-sponsored or individual submission, but in any case it contains important additions to the security considerations of RFC 8446. The use cases it details are real-life scenarios where the introduction of TLS 1.3 in place of 1.2 has an impact on the security of systems (according to the threat model outlined in RFC 3552 and the additional non-ComSec threats that have been identified subsequent to the publication of RFC 3552); therefore they should be accurately and publicly recorded.

-- Mark



On Sun, Jul 21, 2019 at 6:51 AM Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> wrote:



> Hi,
>
> Thanks to all the feedback provided, we have updated the
> https://tools.ietf.org/html/draft-camwinget-tls-use-cases-04
> draft. At this point, we believe the draft is stable and would like to
> request its publication as an informational draft.
>
> Warm regards,
>
>     Nancy

