Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Watson Ladd <> Sat, 15 July 2017 19:25 UTC

From: Watson Ladd <>
Date: Sat, 15 Jul 2017 12:25:36 -0700
To: "Ackermann, Michael" <>
Cc: Matthew Green <>, "Dobbins, Roland" <>, IETF TLS <>

On Jul 15, 2017 11:16 AM, "Ackermann, Michael" <> wrote:


I tried to say in my message that collecting traces on thousands, or
hundreds of thousands of hosts, is just not practical or possible. Not
to mention the administrative domain barriers to this.

We do it every day at my current employer. Guess we do the impossible.

*From:* Dobbins, Roland []
*Sent:* Saturday, July 15, 2017 2:03 PM
*To:* Ackermann, Michael <>
*Cc:* Ted Lemon <>; IETF TLS <>; Matthew Green <>
*Subject:* Re: [TLS] draft-green-tls-static-dh-in-tls13-01

On Jul 15, 2017, at 22:36, Ackermann, Michael <> wrote:

That being the unencrypted stream is available to the endpoints

Even where it is eventually available, they don't have the horsepower to
capture & forward.

Roland Dobbins <>
