[TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 08 October 2017 22:32 UTC

To: Eric Rescorla <ekr@rtfm.com>, Randy Bush <randy@psg.com>
Cc: Transport Layer Surveillance WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cfuRjny5g7etW7BsE67R_RUN_A4>


On 08/10/17 23:22, Eric Rescorla wrote:
> You seem to be responding to some other thread. 

Yep. I changed the subject line.

Randy's substantive message however is crystal clear. And is
one that WG participants ought take to heart IMO. Pretending
that some changes to TLS would magically be limited in scope
to so-called "data centres" is BS. I'm really really puzzled
that some otherwise sensible folks appear unable to see that.

S


> As both Adam Langley and I
> mentioned, none of the changes that anyone is investigating for reducing
> middlebox-induced breakage affect the cryptographic properties of TLS.
> 
> -Ekr
> 
> 
> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush <randy@psg.com> wrote:
> 
>> there are a lot of us lurkers out here a bit horrified watching this wg
>> go off the rails.
>>
>> it would help if vendors of devices which break privacy would stop
>> speaking for 'datacenters' and let datacenters speak for themselves.  i
>> have not seen any doing so.  my $dayjob has >10 medium sized datacenters
>> serving everything from banks to telcos to scaled cloud services.  i can
>> not find folk in our datacenter groups who see a need to break e2e
>> encryption.
>>
>> if the interception proposals ensured that user is notified and able to
>> prevent session interception, then i would believe this.  but if they do
>> not, then let's face it, this is all about selling surveillance gear to
>> snooping enterprises and repressive regimes where people with guns take
>> you away at 3am because your session was decoded.
>>
>> can we please provide real end to end privacy or call this wg something
>> else?
>>
>> randy
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>