Re: [TLS] chairs - please shutdown wiretapping discussion...

Tony Arcieri <bascule@gmail.com> Sat, 08 July 2017 15:40 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: tls chair <tls-chairs@tools.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mZh45CRrC2OWu3ngUc4WViQT9hk>

I was one of the people arguing my hardest against the BITS Security
proposal to continue to (ab)use RSA static keys to allow passive MitM, even
though TLS 1.3 had already moved forward on what I would call a more modern
protocol design of the sort I believe payments companies should embrace to
improve their security.

That said, if people do want to MitM themselves, I would rather there be a
single, easily detectable and very explicit way of doing so, as opposed to
sketchy, incompatible, ad hoc mechanisms. Furthermore, it would be nice to
have a clear answer for these users, lest they continue to make (bad)
arguments that there is something fundamentally wrong with the design of
TLS 1.3 that makes it incompatible with "industry requirements".

Clearly there are echoes of the scary protocols of yesteryear, i.e.
Clipper/LEAP. I think if you visit Matt Green's Twitter page and check the
image header you will discover he is quite familiar with these things, and
my personal presumption would be he is not displaying this image to show
his undying love of the Clipper chip, although perhaps he's an especially
crafty and duplicitous NSA sleeper agent.