Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Ted Lemon <mellon@fugue.com> Mon, 23 October 2017 16:43 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <2AC16F9E-C745-43AD-82C1-D3953D51816C@fugue.com>
Date: Mon, 23 Oct 2017 12:43:46 -0400
In-Reply-To: <CY4PR14MB1368378B42A6C46B27F5EF01D7460@CY4PR14MB1368.namprd14.prod.outlook.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
To: "Ackermann, Michael" <MAckermann@bcbsm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jfzCCQjaeVBkGPl5CWXxf2gNoPg>

On Oct 23, 2017, at 12:39 PM, Ackermann, Michael <MAckermann@bcbsm.com> wrote:
> If staying with TLS 1.2 indefinitely was considered acceptable, would we even be having these discussions?

This is a vacuous argument. Nobody has provided any evidence of any kind that "enterprise" installations relying on TLS 1.2 would ever switch to TLS 1.3, much less that they would do so in any kind of hurry. You demonstrate why with your very next bullet point:
> Modifying server, application and logging infrastructure is a huge, expensive proposition, that executive management would not be receptive to at all. Not to mention the logistics to follow if they were.

If indeed that unmovable mountain, executive management, must be moved in the case of switching to TLS 1.3 or in the case of switching to something else, it seems obvious to me that it is better to switch to something else.

Can you give me a clear technical reason why that is not preferable?