Re: [TLS] Breaking into TLS to protect customers

Matthew Ford <ford@isoc.org> Mon, 19 March 2018 08:29 UTC

From: Matthew Ford <ford@isoc.org>
Date: Mon, 19 Mar 2018 08:28:55 +0000
Cc: "Ackermann, Michael" <MAckermann@bcbsm.com>, "tls@ietf.org" <tls@ietf.org>
To: Darin Pettis <dpp.edco@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bbBgD7SdQt3zKdMDHCXBsYWDJXE>

Hi Darin,

> On 18 Mar 2018, at 16:09, Darin Pettis <dpp.edco@gmail.com> wrote:
> 
> pushing this to another technology or WG isn't going to solve the current problem in time.

In time for what?

Mat