Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 24 October 2017 08:38 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14C413C2F9 for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 01:38:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-vL3bBQgVA3 for <tls@ietfa.amsl.com>; Tue, 24 Oct 2017 01:38:52 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EEA113D1D1 for <tls@ietf.org>; Tue, 24 Oct 2017 01:38:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id DB745BE56; Tue, 24 Oct 2017 09:38:49 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BxZ4dy0A2DxI; Tue, 24 Oct 2017 09:38:48 +0100 (IST)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CAE4DBE2E; Tue, 24 Oct 2017 09:38:47 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1508834327; bh=JHlwbDDKYUJJa8WWF4Q5Vxnc29BFQWVuUjfRAHvlUpU=; h=Subject:References:To:From:Cc:Date:In-Reply-To:From; b=Iyx11g1NlDcBwL7UMvCUVB/8QVO+LL7K81xx8wlBjYSOE9ramVHVQ1Uo1M6rClXzJ a7oJvZW7qZT6mDJorPDD6R8oPG8aI2/b3Pgr2koBYOnbMoQLCu+pD4PrnOzS0AbaXl lvitopwmoTIp49QxndCtF7JuA74k9Lh6TtCcq8Fg=
References: <7E6C8F1F-D341-456B-9A48-79FA7FEC0BC1@gmail.com> <557F43AC-A236-47BB-8C51-EDD37D09D5CB@fugue.com> <CY4PR14MB13684F18AD75F4AE767CE35CD7460@CY4PR14MB1368.namprd14.prod.outlook.com> <57CFBA2A-E878-47B0-8284-35369D4DA2DF@fugue.com> <CY4PR14MB13680B6D5726D940C4C51B4BD7460@CY4PR14MB1368.namprd14.prod.outlook.com> <0D75E20C-135D-45BC-ABE4-5C737B7491C9@akamai.com> <CY4PR14MB1368378B42A6C46B27F5EF01D7460@CY4PR14MB1368.namprd14.prod.outlook.com> <2AC16F9E-C745-43AD-82C1-D3953D51816C@fugue.com> <CY4PR14MB1368895DD0D72286635E4E83D7460@CY4PR14MB1368.namprd14.prod.outlook.com> <E37A3920-D7E3-4C94-89D0-6D3ECDEBCFF6@fugue.com> <CAFJuDmMZMRqvhyLFMoUo_5KPaVu3d4o2ZEQ_PiAOxWe7CtGgYQ@mail.gmail.com> <CAHOTMVJZpWfdCSrzYXhb5-gyzpjuNzoEMjM9DywqRu6Q8op_vw@mail.gmail.com> <CY4PR14MB1368C52236964E69E1F124FBD7460@CY4PR14MB1368.namprd14.prod.outlook.com> <17ae3ecd-ab72-59ac-c0fd-fb040dc67faa@akamai.com> <CY4PR14MB1368BC5ED91EB52D702C7C76D7460@CY4PR14MB1368.namprd14.prod.outlook.com>
To: tls chair <tls-chairs@tools.ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <1d5f4100-ba25-4601-2f76-bd9548d56dea@cs.tcd.ie>
Date: Tue, 24 Oct 2017 09:38:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CY4PR14MB1368BC5ED91EB52D702C7C76D7460@CY4PR14MB1368.namprd14.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="slv7PRcvCaDO6hdCf5IEPv6hGdhRMdtti"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mY03jJAEW22jPD6HaXPHiQYvt_o>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 08:38:55 -0000

Sean/Joe, this is addressed to you...

On 24/10/17 00:31, Ackermann, Michael wrote:
> NO The objective is to be passively observe, out of band and not to
> be a MitM or modify/inject text.    Just as we all do today.

So from the above we see that some of the proponents of
breaking TLS demonstrate a breathtaking ignorance of what
they are espousing. After 18 months of this WG dealing
with the "I want my static RSA" pony, I personally think
we are justified in demanding more from those who've been
actively engaged for some time in trying to break TLS and
therefore we ought consider postings such as the above,
or ones containing blatantly false/exaggerated statements
(e.g. about "guarantees" or "using TLS1.2 forever") as
being merely disruptive.

So in addition to asking you as chairs to close down this
discussion, I would also ask that you contact the folks
being disruptive like that and try to educate them as to
how to behave in IETF discussions and also let them know
about the IETF's processes for dealing with disruptive
postings.

Thanks,
S.

PS: Your (chairs') silence on the repeated requests to
close down this discussion is quite puzzling to me.

> 
> -----Original Message----- From: Benjamin Kaduk
> [mailto:bkaduk@akamai.com] Sent: Monday, October 23, 2017 6:33 PM To:
> Ackermann, Michael <MAckermann@bcbsm.com>; Tony Arcieri
> <bascule@gmail.com>; Adam Caudill <adam@adamcaudill.com> Cc:
> tls@ietf.org Subject: Re: [TLS] Publication of
> draft-rhrd-tls-tls13-visibility-00
> 
> On 10/23/2017 05:09 PM, Ackermann, Michael wrote:
>> No one I am aware of is pushing for a MitM capability to address
>> this. In fact it was one of the alternative solutions for which
>> many implementation issues were cited at the Prague meeting and on
>> this list.    But I would like to ask,  what is the solution that
>> your company and others that you reference,  have solved this
>> problem by implementing?
> 
> Is not draft-rhrd-tls-tls13-visibility a MitM, in that the holder of
> the SSWrapDH1 private key has the cryptographic capability to inject
> traffic and modify plaintext for the affected connections?
> 
> -Ben
> 
> 
> The information contained in this communication is highly
> confidential and is intended solely for the use of the individual(s)
> to whom this communication is directed. If you are not the intended
> recipient, you are hereby notified that any viewing, copying,
> disclosure or distribution of this information is prohibited. Please
> notify the sender, by electronic mail or telephone, of any unintended
> receipt and delete the original message without making any copies.
> 
> Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan
> are nonprofit corporations and independent licensees of the Blue
> Cross and Blue Shield Association. 
> _______________________________________________ TLS mailing list 
> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
>