Re: [TLS] draft-green-tls-static-dh-in-tls13-01

"Dobbins, Roland" <rdobbins@arbor.net> Wed, 19 July 2017 18:14 UTC

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 19 Jul 2017 18:14:47 +0000
Message-ID: <AF2CD715-DAA8-460D-A448-FB2DFF42096F@arbor.net>
In-Reply-To: <1CA52ED8-3119-41CD-AD51-EA5DC7B77ADD@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kZyzEmyqXcSH3UxP2wGSxHc04qY>


> On Jul 19, 2017, at 20:06, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:
> 
> most of them already carry all that’s necessary (and more) to perform surveillance from inside the endpoint.

Unfortunately, this is not the case.  Quite the opposite, actually. 

It's already been explained why endpoint-based measures are impractical.  If they were practical, they'd already be in widespread use, and this wouldn't be an issue in the first place. 

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>