Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Nico Williams <> Sun, 09 July 2017 19:15 UTC

Date: Sun, 9 Jul 2017 14:15:37 -0500
From: Nico Williams <>
To: Matthew Green <>
Message-ID: <20170709191536.GJ3393@localhost>

I don't understand this proposal at all.  You absolutely can build
wiretapping capabilities into TLS server implementations without any
help from the TLS protocol.

(E.g., your servers could send a multicast UDP datagram for each
session/connection, bearing metadata and master keys encrypted to a
logging facility's public key, or in a logging session key.  If UDP be
insufficiently reliable for your needs, then use TCP.  Yes, there's
overhead in this, but it's minimal, and you already need fast logging
facilities anyway.)

Changing the TLS protocol to aid in wiretapping risks introducing
vulnerabilities in the protocol.
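
The out-of-band escrow datagram described in the parenthetical above, as an added example that is not part of the original message or of any IETF draft: the server seals the connection's master secret to the logging facility's X25519 public key (ECIES-style, fresh ephemeral key per record) and binds the cleartext connection metadata as AES-GCM additional data, so the facility can index records without decrypting them but any altered record is rejected. The datagram layout, the field names, the metadata string, the `tls-escrow-v1` label and the single-SHA-256 key derivation (standing in for HKDF) are all assumptions made for this example; nothing about the TLS handshake itself is touched.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// EscrowRecord is the per-connection payload a TLS server would emit out of band.
// Metadata stays in the clear (but authenticated) so the logging facility can
// index it; MasterSecret is the only encrypted field. Field names are assumed.
type EscrowRecord struct {
	Metadata     []byte // e.g. "ts=...;client=...;sni=...;cr=<client random>" (constructed)
	MasterSecret []byte // TLS 1.2 master secret or TLS 1.3 traffic secrets
}

const (
	keyLen   = 32 // X25519 public key length
	nonceLen = 12 // standard AES-GCM nonce length
)

// deriveKey turns the ECDH shared secret into an AES-256-GCM key. One SHA-256 over
// label || shared || ephPub || recipientPub stands in for HKDF (assumption; use HKDF
// in production). Binding both public keys prevents key reuse across recipients.
func deriveKey(shared, ephPub, recipientPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("tls-escrow-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipientPub)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the server side. Assumed datagram layout:
// ephPub(32) || nonce(12) || metaLen(u16 BE) || metadata || ciphertext+tag.
func Seal(recipient *ecdh.PublicKey, rec EscrowRecord) ([]byte, error) {
	if len(rec.Metadata) > 0xFFFF {
		return nil, errors.New("metadata too long for u16 length prefix")
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh per record
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(deriveKey(shared, eph.PublicKey().Bytes(), recipient.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, eph.PublicKey().Bytes()...)
	out = append(out, nonce...)
	out = binary.BigEndian.AppendUint16(out, uint16(len(rec.Metadata)))
	out = append(out, rec.Metadata...)
	// Metadata is the AAD: readable by the facility, but covered by the GCM tag.
	return aead.Seal(out, nonce, rec.MasterSecret, rec.Metadata), nil
}

// Open is the logging facility's side: it recovers the record and rejects any
// datagram whose metadata, ciphertext or ephemeral key has been altered.
func Open(priv *ecdh.PrivateKey, datagram []byte) (EscrowRecord, error) {
	if len(datagram) < keyLen+nonceLen+2 {
		return EscrowRecord{}, errors.New("datagram too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(datagram[:keyLen])
	if err != nil {
		return EscrowRecord{}, err
	}
	nonce := datagram[keyLen : keyLen+nonceLen]
	metaLen := int(binary.BigEndian.Uint16(datagram[keyLen+nonceLen:]))
	rest := datagram[keyLen+nonceLen+2:]
	if len(rest) < metaLen {
		return EscrowRecord{}, errors.New("truncated metadata")
	}
	meta, ct := rest[:metaLen], rest[metaLen:]
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return EscrowRecord{}, err
	}
	aead, err := newGCM(deriveKey(shared, ephPub.Bytes(), priv.PublicKey().Bytes()))
	if err != nil {
		return EscrowRecord{}, err
	}
	secret, err := aead.Open(nil, nonce, ct, meta)
	if err != nil {
		return EscrowRecord{}, fmt.Errorf("escrow record rejected: %w", err)
	}
	return EscrowRecord{Metadata: meta, MasterSecret: secret}, nil
}

func main() {
	facility, err := ecdh.X25519().GenerateKey(rand.Reader) // logging facility's long-term key (constructed)
	if err != nil {
		panic(err)
	}
	rec := EscrowRecord{
		Metadata:     []byte("ts=1499627737;client=192.0.2.10:51234;sni=example.test;cr=00112233"),
		MasterSecret: make([]byte, 48),
	}
	rand.Read(rec.MasterSecret) // stands in for the real session's master secret
	dgram, err := Seal(facility.PublicKey(), rec)
	if err != nil {
		panic(err)
	}
	// A server would hand dgram to a net.UDPConn here; the facility opens it on receipt.
	got, err := Open(facility, dgram)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d-byte datagram, metadata %q, secret recovered: %d bytes\n", len(dgram), got.Metadata, len(got.MasterSecret))
}
```

The check a practitioner wants here is on the facility side: a flipped byte in the cleartext metadata, or a record sealed to a different facility key, must fail `Open` rather than yield a wrong-but-plausible secret, which is what the AAD binding and the per-recipient key derivation give you.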