Re: [TLS] Industry Concerns about TLS 1.3

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 23 September 2016 20:24 UTC

Date: Fri, 23 Sep 2016 23:24:24 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: BITS Security <BITSSecurity@fsroundtable.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oQZpjJy6dE8lqmnL9MEMYqmI8c0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Industry Concerns about TLS 1.3

On Thu, Sep 22, 2016 at 05:19:48PM +0000, BITS Security wrote:
> To:  IETF TLS 1.3 Working Group Members
>
> Deprecation of the RSA key exchange in TLS 1.3 will cause significant
> problems for financial institutions, almost all of whom are running
> TLS internally and have significant, security-critical investments in
> out-of-band TLS decryption. 

It is not merely deprecated, the whole TLS 1.3 design assumes DH-like
key exchange, which RSA key exchange isn't. It has been this way from
the earliest designs, which were over 2 years ago.

If you are thinking you can have static RSA key exchange in TLS 1.3, you
are just plain wasting your time. There will not be static RSA in TLS
1.3. No matter how much "inconvenience" you claim that causes.



Also, security protocol design is hard enough without backdoors. Try to
add those and everything will just come apart. In a way that lets the "bad
guys" (however you define those) waltz in.


-Ilari