Re: [TLS] Industry Concerns about TLS 1.3

Yoav Nir <ynir.ietf@gmail.com> Fri, 23 September 2016 20:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cNTrVQHdBp4ywswG5DvudnII2nU>

> On 23 Sep 2016, at 10:08 PM, Salz, Rich <rsalz@akamai.com> wrote:
> 
> 
> Look, pretty much the entire world is being spied on by national-scale adversaries who are recording all traffic for eventual decryption and correlation. *Almost everyone* is having their traffic surveilled. The problems of debugging a set of enterprise apps don’t amount to a hill of beans in that world. It just doesn't. Same for a particular industry's regulatory requirements.

+1

And if almost everyone is having the traffic surveilled, you can bet that the financial industry in every country is definitely being surveilled. Probably by multiple agencies from multiple countries.

Yoav