[TLS] NIST Draft comments period: Addressing Visibility Challenges with TLS 1.3

"Salz, Rich" <rsalz@akamai.com> Tue, 16 May 2023 11:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cFjHTIt-UqoqRXgnrGbTulJlGUo>

Public comment period open until June 26.

Quoting from https://content.govdelivery.com/accounts/USNIST/bulletins/359534b

This project builds on our earlier work, “https://www.nccoe.nist.gov/tls-server-certificate-management,” which showed organizations how to centrally monitor and manage their TLS certificates. We are now focusing on protocol enhancements such as TLS 1.3 which have helped organizations boost performance and address security concerns. These same enhancements have also reduced enterprise visibility into internal traffic flows within the organizations' environment. This project aims to change that--and has two main objectives:
• Provide security and IT professionals practical approaches and tools to help them gain more visibility into the information being exchanged on their organizations’ servers.
• Help users fully adopt TLS 1.3 in their private data centers and in hybrid cloud environments—while maintaining regulatory compliance, security, and operations.