Re: [TLS] Breaking into TLS to protect customers

nalini elkins <nalini.elkins@e-dco.com> Thu, 15 March 2018 08:52 UTC

To: Artyom Gavrichenkov <ximaera@gmail.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/k_Xn0ycA2IiuxGqeXv4cZB8qCPY>

> Are we going to discuss draft-fenter ad hoc, or we'll start a new thread
> dedicated to that? Because I strongly believe I also have some suggestions
> for that draft.

Artyom, yes, as far as I am concerned at least, please start a new thread.
Sorry I am getting behind on responding to all the emails. But, I am very
interested in what you have to say. I just can't keep up. Will do my
best to respond as promptly as possible but there are many of you and not
so many of me.

Nalini

On Thu, Mar 15, 2018 at 3:33 AM, Artyom Gavrichenkov <ximaera@gmail.com>
wrote:

> Are we going to discuss draft-fenter ad hoc, or we'll start a new thread
> dedicated to that? Because I strongly believe I also have some suggestions
> for that draft.
>
> Wed, 14 Mar 2018, 23:30 Salz, Rich <rsalz@akamai.com>:
>
>> Some on this list have said that they need to break into TLS in order to
>> protect customers.
>>
>>
>>
>> The thing customers seem to need the most protection from is having their
>> personal data stolen.  It seems to happen with amazing and disappointing
>> regularity on astounding scales.  Some examples include
>>
>>    - retailer Target, presumably subject to PCI-DSS rules
>>    - Anthem health insurance, presumably a regulated industry
>>    - Equifax, a financial-business organization (but apparently not
>>    regulated)
>>    - Yahoo, a company created on and by and for the Internet (one would
>>    think they know better)
>>
>> We could, of course, go on and on and on.
>>
>>
>>
>> NONE of those organizations are using TLS 1.3.
>>
>>
>>
>> So what kind of “protect the customer” requires breaking TLS?  And what
>> benefits and increased protection will customers see?
>>
>>
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>


-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com