Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)

"Roland Dobbins" <rdobbins@arbor.net> Mon, 17 July 2017 11:01 UTC

Return-Path: <rdobbins@arbor.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D09D131B01 for <tls@ietfa.amsl.com>; Mon, 17 Jul 2017 04:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thescout.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T57t8n5DizI7 for <tls@ietfa.amsl.com>; Mon, 17 Jul 2017 04:01:24 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0127.outbound.protection.outlook.com [104.47.36.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D18D120725 for <tls@ietf.org>; Mon, 17 Jul 2017 04:01:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thescout.onmicrosoft.com; s=selector1-arbor-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=7p+E/iCFzwSYmL/VhmfJDcsakZ6DxsT7l0RrecHDhu4=; b=nXtW2ab5bPK2lILubsKKTdhnA8uUY9FkerYsFzMX2Xcu4G3KIJOl6wCa2bLbDEhYCzHmUZY0pC4KhCqWXGGhivB9AHnpKjSp8yTCT0qYsP6Ja05P+w+PnVKL7Kj62omXw3YPEjhuDru+IUDnAm3mlTKSVSjPWzMs57DNHvGpozU=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=arbor.net;
Received: from [172.16.1.3] (88.208.89.131) by DM2PR0101MB1040.prod.exchangelabs.com (2a01:111:e400:3c18::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1261.13; Mon, 17 Jul 2017 11:01:21 +0000
From: Roland Dobbins <rdobbins@arbor.net>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 17 Jul 2017 13:01:10 +0200
Message-ID: <D0D9AC61-A1C7-4598-BECE-C5F8F860CBAD@arbor.net>
In-Reply-To: <20E2D146-07BC-40DA-9DE2-031503916F52@gmail.com>
References: <CABkgnnU8ho7OZpeF=BfEZWYkt1=3ULjny8hcwvp3nnaCBtbbhQ@mail.gmail.com> <20E2D146-07BC-40DA-9DE2-031503916F52@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.6r5347)
X-Originating-IP: [88.208.89.131]
X-ClientProxiedBy: DB6PR0601CA0012.eurprd06.prod.outlook.com (2603:10a6:4:7b::22) To DM2PR0101MB1040.prod.exchangelabs.com (2a01:111:e400:3c18::16)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ed2d7910-095a-42aa-3242-08d4cd03291a
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM2PR0101MB1040;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 3:o1elYRvEhF4bqqEG9gPwjSDvNNa0ZKO3/alLEZJnpI6gnaca7PjDsN9rCyWrM/IOvVJS3I658aWTbUSeKDCOV1xCZlL0Rir/NIONaFAkBPw74Q0npuKkxiK5cz+cnhnFDM6eM3I1svfrtHGBtpMWFY6o8GUpN53ekb8CVjWMe687EiFZyPfda1hn32SGZyCFypRKZvsABLUVTHUGKT9+IMip8rPjUKEZ2QlVXJHzTYIALsrzw2D/RQii44yKKsYh/AGVMQ/CMyx6FEVZsqmVhUaGL8mcU0Q6JlQRJrFJIvp0jmuz7FGAx5xdC74fQaiia1eYfM77KmAGS3EFb7RxAADncLf2JLf2a87PHb8SB/WNFtELNN2XtPWBdXUjSMfVG6uGNtIjHCaaz5p/k9EHk1OigKa9y1Op4crP/Xd2MLVozDgUjfVG2WI1ltn9wLl77XTne4uBMd3nXmZx27MIWbqrwRvPuOp9WnjkY1/FvoVHps9H57nMCgVzfKEmZ06XpkNIc0HWi0XcLy7IS3m9i5blMz36e2UgJuPqMZlwWcfAqWUh4AcmikwWFAMBIQEODiXMhq+2/wDFqfH2yH5w8WZeUPYOLDsUB+ctkakll/4N2nDCnBVEzxRgaQSYMip50/xeLjTQlbb+sRsCBGemIc1uNo5UvMbBoT3FNNNCOIqjbvtmGfTCU7uLOuJlclAGrmA+Eiyg9nouMkCfTUoV1k9n1hu9wm37/WXVAPLVnkQ=
X-MS-TrafficTypeDiagnostic: DM2PR0101MB1040:
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 25:L90w+rUYNrJjqXMGcKYTh3lqbDLC0hS++DPcV7L9ymiYotW05Hlv92JFgScb61R+Hilv/w6gNkMuTBOzp5Uaf5baImfj86PRwfNoB82vx+KWmsFu6grICGrSgZAv+zjoWrDxjeY/FEPZkPG9kAxhe/a1HDDS1WAOTmde1/Y0PDgIuRijceKpIbxHcZPGHJvkElktIZDHQtwesWrrJv49nsn4PPgLoLgC4c5NsN0wbvg/yyJgI3uoQX5RZ4DkLG1MjKCBoKPfcgTy4TXBi8qwNiilXXjVSUOH2oo851ip2j1MjblArIBVbjtsVV3YVdEGz+dMI9JMYlVePC+TgJegL7P5OMTLr4BhxXZDzE8M/Y6/p6ABufrVOVaEHqlsnFrGITLrd8/0Bm/IANoWKUzuPTmIZEj863Iuc6i5HpTQzdQlKCOo7zoyNAaHKdxT3pq825FGLuN58DakdT+5UKlo+aCVSnn234eDyxB40TmEPsWte5Orwg3UBYhjdXed6Hx25NaORE68quYzmXKZlXJRgLxkT0HVtAGEuXKC8wTyJD4FfN9GhesSwjNF+pX+Zp1Exi6uQQyv4triG9qo8XEqPDm9LZSuhcjLKQovsm6Dfs/GXukLVC6NJzG70usw6hcWeaz0IdZ8RvBK9yqnGh8O4efHyb/6qhZ4li8pizhRj03CAxsNuYtfelfprSDG63eEeGLyVf/0TR6RJ4yyAIwLZjZA4aCcDnyyMPLyFPbzsNACGpUv0VJHH4Pe40svSCExuxUwVqYz78k3GJ7SMOttx3NYj1OFGNrrcinN4mdd1pPFlDCQj4WVHdmEYAjVI7ZgQlouWXHUiylv2czDZok3YKe5LBs4dJh/fOHZbiRNpFYrbt8UhNNFcZNSWGqDLy4gx0cdJlI/OPi6fix0LBILt7u2bTUMTkyVV3VPOB+pyic=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 31:xde0HeSqWfV1kn9+nya9RXuC1cb/t1eFz1MLqK/4R4ABSKgKIj0OlhcKlU8BopDQhtS7NyzGo1hepsiNcfki4hPGdwjF0JMhRK+V6QBbVaBjGGhsYiIb1W1W0Vk8cVsUVFW9Zl/kckN4Sgj5nLI16EVuZgKUDnQY03D+hZMEUeSjYE8cPUbFyGJ2vd99AU8dDwV+1imoU0ZR/sW4B31JLcc2ybxzgY+/2xohWmPYZKvboLm/sMo5VBttbF62iADnvmEVN/Wh6Vl2tPaqNNAg78x1f74V8hqCXkXsR8GUnb1A07b4gC1jrV9m3N6sagJs72Yjz//FrlfSASvNLwFTsO7wx5fs/vbuxsjAccDBW7xfQg+4dixyPeT3Gz2g6tGNilFTrXCEi4Gung9SD4P+UlAbJTYM2wKuHgQqQu8w6Xme4RucKwS/btj5pugL5J5sJ2A7f89nYakD0WfcfxDAuAe/qX6STdQop1ZJXue1k7os2CjWn35DLwzArDa6qu9lt79LEsrM1zaYlEoAplNAQAuo1cLC1ouNIrF1TuYI6A8h4JXxaGCc48vBjQeMm09q5tu1S7xF99xk6bCA59CKE4RGTzioTPK8b0C3hH2COAjUzKtc1sOJy+yJL9mNg960GQ+uDlS7YAqxs/vu82kVo60BcFTeZN6usntwAKoCI4dX/gpVpismNylh7mWAb/zl7VyrQfmZeJkkEcVl6GiYWQ==
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 20:yaDp2g/M7Mn2Z55Ia6NuxcC4EjfNd/ER9rKZKFsq7nKXIwuoBSA+GgfVxqMyEDN1ZNeHHnEZH+mx8cNlECshsE5B2f5+gzhTPEn2gmROlQr1UrAopI+8B9A22fWbAp9rhfTYOncyrDxZvDVoSZP9Jfj5euzzF+iSG0du0b01aKBKxzG+TwAJWAKwZnb+IutHdru9mRt3M7Tmsau9g5kK+EiF/PxtB1Nn3PJiT6+kE0/X2ITDtPSg0+WBc91moawNiLlYYxaW76keUinMWJWN9HhrNKS38MZ+1QruE521dfTHI4QqxogaqfE70l6JxBmTgm2KYWr2m/28Blr/gU+xA6nZi7gbuIM+WrkPFfb2ESFbAtf+MhL+thJk3NESuvtBDrEV4daMZLn1Y/DyP2sE9F8zTfqE6FlMdR3WVXPuXIcbz4iDDF+VdbDKCQb7suL3XW59nwt5/qiB1eQHnJRnxYg+pJEAw7PE0QCeUWQW+3fHccmbTNd6bq3LvbxP1Kur
X-Exchange-Antispam-Report-Test: UriScan:(246478575198768)(236129657087228)(48057245064654);
X-Microsoft-Antispam-PRVS: <DM2PR0101MB1040BD3102B2FA9F389A8BCACAA00@DM2PR0101MB1040.prod.exchangelabs.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(2017060910075)(3002001)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(6041248)(20161123558100)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR0101MB1040; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR0101MB1040;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 4:lQg7cOr0Wk0q5TLkfyCOBpxmBmSH8RzwLy04w3WehVCeVYnkxDCYHZV64d0hpAqz+jxY04ZvHlmxxLQy9B/FsCaVyAQcTBkpGljXt5UZ2f5LHBEHrTXvO8TTNWIJO/Jldxdi2FVaOES2IybIHhQPBt6jaNXirO9GV/MWUbB+2eqifQhaOkcGduNbD/dHPZLAS4lWS2SXxMyR5H+mlBv7tqjNq4mNgEKYeFWIT20pMDkbMrb8/r+MpPXmma+b++CVkfWD+Ywk1SK5EJqapnpLE+Im5AFICRbxaZ54NgG8vtXVpJhHSUfehQ4FGIUXA9QXJY/JH8AjA0pjrm2C+QLcixFpHWdaSvAPWnpXEm6VpQo/r/6ERJEFUPmLkaljU+oYKF6Xa11ot2SVNs+ig++tzAKPFIZ+QRRId3qH8p+23TIiM0zTWCTayoqia1BiKviRabevYpMIPYBURKMhvKudCHmV4nRdOXDFyqxv2QnqHcWm47JFsl+vajgx+/bT4C3rquhbxVq0Tb65bU8LKKOatzwx8Zc2cpUZM4WcLLJEJeiGi4mKDZvEmEsyHvb95AYOuIZlGoK3X9QdWpC1ML4Iw0Mx5PuN6PD8bp+OUJ27ir2V3cTj8EXmCM2xNd3kuoPnigpDJMTR61fIo2wDqM50m+JGFIvMPQ5d7M0EdpoLlZzOdwUA654W3tUcQM/11rA44DgaUXcMWkYFIGd51KHpdpReF7WEDU+LxouGt5P9Brf0GVsAdErSIDglwxfSz2cDF8ay1LbpOOHvb6yTyWyTfWqQC3UGkYEz/PccTuvy1m06eruOQmdXCfcof85UZzOn4Jazwkwxj4tK19NSRzWIuct0GvLJtdAH9+bJIPT6U2eKA3HtzzkV8dbAWEdTBl4FnB72Nu5yqEy3GXVa7p5Mggaj4Wi3bX3ae5G/wJ03LPms3j16hYNUfnJP0Pur1m1fz9DQSbgLspOv0nOAqje3xvO/iaUZpB+ZWTYAOQ3lXwQbHe6X8xtYyQQqZ6g4qoqily+ryU1utALW0oau5HXdxnXeBi/Oh5z9WUfOeZFZdjj/9qTAOqDdlyaFEpfHygPicc1GPC8ZV5l8bRkmjGancFlsPgLIhbpHWQ5+nKsyXwt9EjXqQTJYCLAahNc8A5CcAzS1bHath9x1rs/BxSnDJEwWo2RJf6g+jw+eWyhvUKnJXCDDgMUx7JExNkGbI6PWErU6svebRLO52yJFpRP42ahGoorc7z32AKO9BFqmOT2pPNvhGxWqWtJY816jK8EQ
X-Forefront-PRVS: 0371762FE7
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(4630300001)(7370300001)(6049001)(6009001)(39410400002)(39400400002)(39850400002)(39840400002)(39450400003)(24454002)(3846002)(5660300001)(86362001)(50466002)(33656002)(4326008)(478600001)(6116002)(305945005)(2906002)(7736002)(42186005)(50986999)(76176999)(230783001)(110136004)(6246003)(7350300001)(38730400002)(47776003)(53936002)(229853002)(53546010)(6486002)(83716003)(77096006)(6666003)(189998001)(81166006)(25786009)(8676002)(5003940100001)(66066001)(36756003)(2950100002)(6916009)(82746002)(50226002)(54906002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0101MB1040; H:[172.16.1.3]; FPR:; SPF:None; MLV:sfv; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 23:crzP48dxzNad+3pWZcaORku/tusVZA3FbWYQr4SefyR9/7IPsqqwO0sjUaheo3ppAKkS5/YYH/xeBiYPg87ZKiIUJqIKihbLpJCiUHpb/hBBnZ/eYlucltQ68vnEAoFNf6lpHWbN/erpjmZ/d1vY/RtQVn1W8P+WmWihFwm0iETl75pMGO7jWhtViE+2LJcpSXnTWbtyDC/i+148CKmDYn3QGI+XQI98t/xFZ2ZiQool9jueImRIVlNriwUjLlj//5LSuD9DKdAAc21dI8IeTBphN4OJ5xUBQzLidYUogoF0q5sCYHbJDou6gdh7KYSRzS3YnrhUrXKJOfCXa7cRXcDL+Kt06xtcGlTclblQG128O1iqWARio1NHKsaK9g/WSf+8sye/iwwpGTxy/LkEH03uIn52GTlrMnPHIvjfOM0SacknWhyTk4obBB71FtZUmsxK6iNRj0pzHKlhaNvKzm7IJQ9Y5iJLIJ/gLDn1vZM2XDBNCTAYjI9t7aSnVpc6xVMZoaIMI8EO+IrGP3Zp7zBwakyvHcvIBD1kyFrzLVfbMf76+m+AUxaE/gt3mZgrjlZnQxcPveQQOnCTgAaqBDBZ1RFDRLaoSJWpzKbThe00lnqqjFDzDkI28DCP3WK5L8kJiGhaedAvzQJlrNZRh66DvSyTHxgkT8xQQbdcIfRFvKAsA36c9liCcOujWb+X/PU+r+m930Uo2TeOw82pXNmJf9HbNMUhySgh9hrZ1ISrnQTFy/kdit+lDRveIj8lJ+h+G8NlwqJGM1GGOVpp3iQDIo0aWz6u+TIna2fB2uo0eFgu0k+tU6o+7gnfCDWPy3XCrJRLS0+ec/UVWaSMVDIt6T0Mm3jgvIvuHOnwDa5QAzrtbMfigkPdz3gvuIGSEUoUiyo/gFKCOHV29EtwtUFa9CxkCPcGZoJJT39NPtwdmFwBVr+tNuFUuOKSDEWZS39cw2AyPRwVHeQZ100UczYXGuiheSy3QJ0jw3XawUnclBGFjAaaSNKJ3NT9feEZy+l+t7vNGrl9xBzT48a6YJv6z0SKO2jpKorFO+5rbbASeDpoELvC7OQc8DUYjLFm7du7y0MBaf/zRSwjelgKX5ZOnX+ddYvtinniXw+mCvvrr7l1QzK4lC1hjb8Wh4dVZK0vPm5iKVqxKEUFjwJVqkT1siPmG5RP/y9j/9kproSDiJV1oJbKXqDUfvtBfihd2hguawXF4qUcgW1X91Nu1w==
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 6:kUy7UHN7jjlmdpgtdc0nh44b8gfQ9NXG+R+uMpF0nUmsmUHTlf/ZZUJ0Dey8QR+xtYq2glRYpZyYEAdiwDv4F9lcV1XFhrLXWyUtmvc6mdi5iowi61O3ZaATMIvSFZ2mPAqhmxmWpFTiEfJJIOVebmdqFMpX/3c4i0XaUtFFoW5BEq5GgIuqeIFLg7CLYANZLYNV5+gY24m0xmx7HH7JexGBJ1QTct2Afj5CeMDDyqvxwoSMBDOsEqJ7YvSo90Mk+fGX53KdcqxzKiyUwq0bYMAAHhLuwYVY3pZHMrcnll7AC1ihxepkfKcOF3NqRjM8JWkSVfa0KRnEYh5tGIX7l1E285Ran+ncuyjoXAcXixSHRGFOLQ6HnzBkC7h3jW4GunjGHAxUZcP85TRoesbygAJL9pT0kO8bWAzUGm1XHMwOs+q7Kw1ft+ejY0LIzIFTBeq8L+6s9zZeT/aigIiW4sHwvGv7OrumRPoY859dDvqA8j3IhuCFip7fzRvYZqQ9x5RtWybl9kMIaPo93qyh/SJGVQbnQbi5Q6mUgdfSy3t328Js59k3duCPPbGkZDkCBu2+HgoK4ek0wm7VBqLdWCOPihvgvV0L6x4P8rpLv9YmjJHKoNTEl5cu6S36iYzSH0M5LafPppLQ25HWYjxFHRDvjtFYZiwc0VuCWvyxNndR/FxaABvsj/5jOQ6p9LYfhQh00RDug+1ZCvcu/THt7fUVFepqlKWlBDh7B9aE3Qrm8n2jkfODjcs6GgoFsmzZK2kHUlwzj4at8/K7YVWZro9qVQBHR/z20e0cbXeJmMYD0bssI/XAuSzx93D/E+64bBEHhLMsQMHW4uf9u04xmlrWCPUiAK0wQi2y20WU4IGH8idvEXIke5+U9+lAuooRjGYfLRpGTTpo2cfbSaIc4C8vBZWZk/kWU4ur4aJ4EG9L9LVRCBTHiQXBeo9QOeMiloJSGCHfsktPgDXy25eeSFm3sBn3hVyN3J3PVor+L1Q=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 5:QYCtuLXtB0KDr+FfGdE38Eq5tJ/xu4dYVYl46W02LfHUMvyOIRmrYkY62wPhRqLb92sskSZzrqSFyq/wT22rZNEBZgK3B5KKqiY+Af2dSJMXB1ypBHcsEtWOmRYBVooogrVh9DdE7gNMmlrl/drRh+VBRxbIeZjssa1m2lMYijLy7ABICDpv9kJj3NSqyaAam+PrNwXjVlTY8DtDWZQKzeyrf/b8UMam0pKfl5g2si3w6HtNuf0fiS2Wz40ijtFPPJtyxY9cGFRT06QtDzxF8J+qA+v1iEEYxxvplhi7UsUprmb0OOMpNY2NeTUkzoQX+eq8FXqnjRPP/d6yynncCxeqSFxrJwcFhHJLb+WNW2BA0+a3JyOyyPz9MuSoo30kKEOa+CUIwXekHKo6BOw2BM8gU7UdEX8wUtb9EtoP6WfrEhjiYzm3KkL4DFoCKv793ZvcNA0N8w62JN2W5nZNlDAuvyLSRM9cbavw+Vdmb3Og8Q3aAvA88X4MlBVflAAS; 24:rHbApxIGBVPTR8FIy4/8zP5QHHHVkhdA82xOweN3zRCmLdvC0KXNfEdOK8Jy1bdCwBFEFtiKVI/EEB8w8VxLgHVmfsXnmTRMnVXeQkc6qKY=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0101MB1040; 7:icdZ/CR3tMZN6sA2MqpMUaOFWvRpS0MQzzGVat2xsoyrzenOSda0wWZ8sww/UFY+QZnvYmJ0DoJGY+zOzj2H1/IsCH/A/zPG3XBB+dgM+t0/SWexVLIuZBap3Vthqm8fQ3i2AeGDI2wpnTNUujoTJViF7QskL3hivy8WyU8/zhh85D+5Atbx3KKIAsdK2TgoVkSMZ8DzLGi9s0I4bOaW0KcdrI/Q3YpkMv5xW3FbR32Ziw/56F42lPVAhcQj2NoUWq7Qgq+teMZw09c37TQzJ9QVRJIbyXZ2Hh4H1/ipvwRHLlkanu3fSwWbYITp5fXaninmhhHlRHgPSqTz9lbU9x0grDjm48U5Za2S/BFOvQdXGpnvvYOEmQfzbuJYB6gG+kp8ebMi/i3eHnG6XjihT7AzxeMwZQMGjadFYQDiAZvZDbOiiDWK0zskar9IEAQIIkbGjol/Qntzs3kL5eiPtmMj0euRu7+9QGH7GQ+xqN1RzJ+sRcGfRipswr669erHxFOnLByyA19zWZ0YhqrkS4aucCtdvDUikkpLJP8XX1DHqJxX3hbVJV6rlUK9eJkt8NQUX3Gz1ezQpP7nf+WJwgdU7xzCS4DOrJBcLKlA9VIMdqpUXYQFxps3/uWJ5HVHJALOJljPFw2JtTkePrPNB/veUFoONtwQLxTQcLjASvN1di5Zohgi3VowT1SI0nhXdOXxI0in9bot0ucxRClmNo74FOvHDq18BIYB4t4ikf6IeSRhucwUbNttLDhITRHLRE1nr2PuqUmRasNahyqXw7/bpc/sfkOeQaLtGTqxz54=
X-OriginatorOrg: arbor.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2017 11:01:21.4093 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0101MB1040
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bBPY27kpXidb6RSE-xyzdgd_oi8>
Subject: Re: [TLS] Malware (was Re: draft-green-tls-static-dh-in-tls13-01)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2017 11:01:26 -0000

On 14 Jul 2017, at 12:17, Kathleen Moriarty wrote:

> Otherwise, with the proposed solution, your still relying on 
> indicators of compromise that can be detected using the encrypted 
> traffic.

Actually, it's often important to have visibility into the intranet 
cryptostream in order to detect and classify aberrant behavior which 
can't otherwise be detected/classified standing outside the tunnel.

Organizations do this to identify compromised/abusive machines on 
intranet networks all the time.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>