Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

"Salz, Rich" <rsalz@akamai.com> Wed, 25 October 2017 12:48 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Ackermann, Michael" <MAckermann@bcbsm.com>, "David A. Cooper" <david.cooper@nist.gov>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 25 Oct 2017 12:48:00 +0000
Message-ID: <831AE1AF-C24F-4D12-A182-03EAB40F036A@akamai.com>
References: <cde0e322-797c-56e8-8c8d-655248ed7974@nist.gov> <FB95CAC8-C967-4724-90FB-B7E609DADF45@akamai.com> <8A5E441B-90B7-4DF4-BD45-7A33C165691B@gmail.com> <3BA34D7B-BB04-4A1F-B18A-B0AC25402C4B@gmail.com> <0f9073f5-271b-a741-1a1e-f20ebc506d61@nist.gov> <9E26AFA9-2E72-4E8C-B304-553A2C851DC4@gmail.com> <2d45c53b-cef3-7e86-3d6f-3d486b1342b8@nist.gov> <74265928-8252-4CA1-B6A4-45296F74637B@akamai.com> <5fd2adb6-ed9c-2368-34de-db0597727e68@nist.gov> <CY4PR14MB13686CD4119467FEEB5AC454D7440@CY4PR14MB1368.namprd14.prod.outlook.com> <4ff287f3-fefa-d68a-ac56-52697d978ceb@cs.tcd.ie> <BN6PR14MB13610227E80B81F0BC45582ED7440@BN6PR14MB1361.namprd14.prod.outlook.com>
In-Reply-To: <BN6PR14MB13610227E80B81F0BC45582ED7440@BN6PR14MB1361.namprd14.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/odHULscVCQY2pAXmZDWvm_ZPR4Y>

Before you leave, there are a number of questions still unanswered.

1 Can this draft enable an active attacker to modify traffic?  If not, then how is that prevented?

2 Can this draft be used to segregate traffic so that only those willing to be intercepted can be handled separately from those unwilling?

3 Do you think that this draft will require zero changes to your infrastructure?  How does that cost estimate compare with, say, the server just sending the PFS session key to the infrastructure?

4 What percentage of traffic in your enterprise is TLS 1.2 now?  (Yes, that’s a new question, I admit.)

5 When do you think you will “have” to move to TLS 1.3?  Round it to, say, five years.

6 What is the justification for this approach, other than you think it will be a “hard sell” to convince executives to do the work needed?  I’ve seen no other reasons discussed and am curious to see how this response and #3 align.