Re: [TLS] draft-green-tls-static-dh-in-tls13-01
"Roland Dobbins" <rdobbins@arbor.net> Mon, 17 July 2017 10:42 UTC
From: Roland Dobbins <rdobbins@arbor.net>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Mon, 17 Jul 2017 12:42:17 +0200

On 15 Jul 2017, at 3:40, Watson Ladd wrote:

> DDoS mitigation can be done at endpoints

Not at scale. That's why it isn't done that way.

I'm all in favor of things like mod_security. But they can't do the heavy lifting on boxes which are already burdened by handling legitimate traffic.

> If you want to detect unauthorized access to a resource, having the
> resource which determines access anyway log that is enough.

This is incorrect.

> Exfiltration detection based on looking for sensitive identifiers
> doesn't work:

Yes, it does. I know, because I've done it.

> real attackers will encrypt the data and dribble it out slowly or
> pretend to be videoconferencing.

Believe me, real attackers do all kinds of things - and the most common exfiltration mechanism is to try and get lost in the http/s crowd.

> As for attack surface why is "Press here to get plaintext of
> everything" not a major, major increase in attackability?

Because these are intranet-only systems on isolated management networks with strong access controls.

> Which DDoS attacks specifically?

Among others, application-layer DDoS attacks within the cryptostream.

> And if the traffic isn't hitting endpoints, does it matter?

Of course it matters. I've not personally had the pleasure of doing this, but I know it is possible because it is done every day.

> Finally, most software can export the secrets from TLS connections to
> a file.

Logs are context-free and in no wise have the same value as being able to see the interactive traffic on the network in real-time.

> The capacity being asked for already exists.

Yes - and now folks are talking about arbitrarily taking this capability away without understanding its criticality to network operations, troubleshooting, and security.

The fact that we're even having this discussion at this point in time is because of an astounding lack of due diligence on the part of those who are pushing to remove the capability to monitor standards-based encrypted traffic on intranets.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>