Re: [TLS] Update on TLS 1.3 Middlebox Issues
Randy Bush <randy@psg.com> Sun, 08 October 2017 22:39 UTC
Date: Mon, 09 Oct 2017 07:39:21 +0900
Message-ID: <m2o9phi7s6.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Rich Salz <rsalz@akamai.com>, Transport Layer Surveillance WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fJG2ivtUV6BZH6QBttjtmG-w5xA>

> You seem to be responding to some other thread. As both Adam Langley and I
> mentioned, none of the changes that anyone is investigating for reducing
> middlebox-induced breakage affect the cryptographic properties of TLS.

my apologies. i can only plead low caffeine (6:45 am tokyo time). the
proper threads would have been

    draft-green-tls-static-dh-in-tls13
    draft-rhrd-tls-tls13-visibility
    etc etc etc

it's getting to be that you can smell a red herring by the word
'datacenter' when it's really vendors of surveillance gear and three
letter agencies.

> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush <randy@psg.com> wrote:
                         ^^^^^^^
that's your clock, not mine :)

>
>> there are a lot of us lurkers out here a bit horrified watching this wg
>> go off the rails.
>>
>> it would help if vendors of devices which break privacy would stop
>> speaking for 'datacenters' and let datacenters speak for themselves. i
>> have not seen any doing so. my $dayjob has >10 medium sized datacenters
>> serving everything from banks to telcos to scaled cloud services. i can
>> not find folk in our datacenter groups who see a need to break e2e
>> encryption.
>>
>> if the interception proposals ensured that user is notified and able to
>> prevent session interception, then i would believe this. but if they do
>> not, then let's face it, this is all about selling surveillance gear to
>> snooping enterprises and repressive regimes where people with guns take
>> you away at 3am because your session was decoded.
>>
>> can we please provide real end to end privacy or call this wg something
>> else?

randy