Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Ted Lemon <mellon@fugue.com> Sat, 15 July 2017 09:39 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F41AE126CD8 for <tls@ietfa.amsl.com>; Sat, 15 Jul 2017 02:39:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rl6XIwdHvaCs for <tls@ietfa.amsl.com>; Sat, 15 Jul 2017 02:39:02 -0700 (PDT)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 588C2126C83 for <tls@ietf.org>; Sat, 15 Jul 2017 02:39:02 -0700 (PDT)
Received: by mail-pg0-x22f.google.com with SMTP id 123so6034001pgd.3 for <tls@ietf.org>; Sat, 15 Jul 2017 02:39:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EOHUiLxKjsRYje5gFuKeKicjdKk3DbqhUYZBwy0EIeI=; b=qkpTTs1TEYKwGbgfYDYEdIIFaHG293k6d1xD+K6oUgkIJSACsYHahILJsvPIwzhxG5 AGdbQ6N1eMU7a+0Q6KLZ4Urn2Ovkvo4zsweZ/S8zvkjvpdm9RJcMyasvpzq7k35Jv2r+ oT2FBoNscT0NOU2wwxJe0yUEEbYqpzJiWD4Hz8WwkgRDCb5wAcFCuuJhGEeZu4xo5VMX Axv8JCYIcsk/tVPk776etfk3t1dIbJcc/qfLJY3XLvtgz4tNLf1jMgPe4aOv9nnymJXM KXvi2vCsqIDLNFLQ2drx2k3oyEk0TptHeSHCn1aBgX2aFv24xWerrr7CEx9jljt6MyD6 BdEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EOHUiLxKjsRYje5gFuKeKicjdKk3DbqhUYZBwy0EIeI=; b=Us6ClVi730now9WDLaWEcd9weZu86XSjrS/T69vNX+dhqGI93yeGAyzjlnki+h2hvD ApUrV4AeebBLkImlMbACcQzP9WalTRZ3R3i76o2jVM/LZadouGqqDcGbDosmocV867AU uHZokDRrMMerAIvrj6IeD0gx8zVxy2QFK4KVTHy1lgFX9na+95XR0YDtVx6B/1mTI3pq lB1/6DvIpnmEVpqeZ5oELY1JQMNxbGxn+trjKx0epJdbayL5qGxi7o3wuyH9svaSvUbi 0+hQluIVVRh/F9aXfjuLg++oWmuQiwthjBZ9reNsKaNRRIWJ4nLFEIPVrpL97ieF1Tf0 L0Bw==
X-Gm-Message-State: AIVw11237IW1ChwRV6rNc3jw50EpLoPOlcxUn+U6p9bVaxnm8ddo3iNH C1DxJcNGEDIG7PTxVXoFkzxgZfDQF3D9
X-Received: by 10.99.114.82 with SMTP id c18mr107887pgn.32.1500111541887; Sat, 15 Jul 2017 02:39:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.181.42 with HTTP; Sat, 15 Jul 2017 02:38:21 -0700 (PDT)
In-Reply-To: <6770F4F3-3793-46F9-B47C-25EBE2E7DF5A@arbor.net>
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com> <CAL02cgRJeauV9NQ2OrGK1ocQtg-M2tbWm2+5HUc4-Wc8KC3vxQ@mail.gmail.com> <71E07F32-230F-447C-B85B-9B3B4146D386@vigilsec.com> <39bad3e9-2e17-30f6-48a7-a035d449dce7@cs.tcd.ie> <CAJU8_nXBFkpncFDy4QFnd6hFpC7oOZn-F1-EuBC2vk3Y6QKq3A@mail.gmail.com> <f0554055-cdd3-a78c-8ab1-e84f9b624fda@cs.tcd.ie> <A0BEC2E3-8CF5-433D-BA77-E8474A2C922A@vigilsec.com> <87k23arzac.fsf@fifthhorseman.net> <D37DF005-4C6E-4EA8-9D9D-6016A04DF69E@arbor.net> <CAPt1N1nVhCQBnHd_MCm79e7c1gO6CY6vZG_rZSNePPvmmU_Bow@mail.gmail.com> <44AB7CB8-13C1-44A0-9EC4-B6824272A247@arbor.net> <CAPt1N1=rvtssKXCnsNmr1vy4ejb6YDUxO2kDcgh-ZMh5WGjfWg@mail.gmail.com> <D43C7836-9F72-4D3C-A8FA-E536FCBEEB6A@arbor.net> <CAPt1N1m6QNmpHY4Zkm3eJSKjBpTs_xaAy6vv6pZi0ySYej_4Sg@mail.gmail.com> <CF285C9C-9822-4B5F-98FC-C5B2701619D4@arbor.net> <6770F4F3-3793-46F9-B47C-25EBE2E7DF5A@arbor.net>
From: Ted Lemon <mellon@fugue.com>
Date: Sat, 15 Jul 2017 11:38:21 +0200
Message-ID: <CAPt1N1k_ywGakLr0=fRe4YrGE=Vs+JAq5i3X+GUC5iSEu7smXA@mail.gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: IETF TLS <tls@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c772493fdc4055457ef13"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/p-0vLMp2BQiAgVSoJNqLafSPJ9U>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jul 2017 09:39:04 -0000

I was at at least one of those presentations recently, and while it
certainly convinced me that there was a problem in the short term, it did
not convince me that the points you are making are inherent problems with
the technology.   That is, the problem is not that there is no way to
achieve what you intend without static keys, but rather that it would be
difficult in the context of some existing deployed architectures to achieve
what you intend without static keys.  I agree that this is a problem.

On Sat, Jul 15, 2017 at 11:16 AM, Dobbins, Roland <rdobbins@arbor.net>;
wrote:

>
>
> > On Jul 15, 2017, at 16:05, Dobbins, Roland <rdobbins@arbor.net>; wrote:
> >
> > There is plenty of information on these topics available on the Internet
> today.
>
> At the risk of self-replying, it should also be noted that highly
> informative discussions of these challenges, & detailed presentations
> thereof, have taken place in WG meetings at previous IETF meetings.
>
> There has also been ample time since those discussions & presentations to
> gain additional understanding & insight.
>
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>;