Re: [TLS] Industry Concerns about TLS 1.3

Peter Bowen <pzbowen@gmail.com> Fri, 23 September 2016 23:17 UTC

Return-Path: <pzbowen@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 954CB12BA99 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 16:17:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIitra1YnM-7 for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 16:17:37 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9B6B12BA64 for <tls@ietf.org>; Fri, 23 Sep 2016 16:17:36 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id m186so132884651ioa.2 for <tls@ietf.org>; Fri, 23 Sep 2016 16:17:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/RnU8y2eNNbOrBCyMhAjAmYI5lxnw71O5lMkNu8899Y=; b=yhs1uXRNmP3tMlbRhDiqzMNK05S4VZrMEJ4vw0gWc/mD950ATukgfQLSb9FfgxTw8w HJQRzkealC2oHCJIcT1V+4HzTFvXR84uPZxCFB6T/YPFtOYuLISasP8A7ZhA9LuBlamL uUXcCAuwOF7MCa9vsKcsuHz+c22ieeJHoICtcAyroU22K8fk9hxKBdtug2NJd2APQGjX ht6wT77kv6y6i6tejLHFV01RgQav6zEpYTolWZCuz/OjO+rbidyfFMc2oWy/1ufb5lvM +T7fGSegZ8KiwmYHmLlnqZbo5oqlGldbMSMWfLE3K6iFJn6gO1kqqBlokdw1BHfzs8NA SzQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/RnU8y2eNNbOrBCyMhAjAmYI5lxnw71O5lMkNu8899Y=; b=gOlNceZsqC6SQqVPl8/6bTocBWSz66Pr4CFAaeIErmrCO7k8hg0iOEQNDycD0Zneef BQDjRhaBpdyx1GJ2vMqpSNIrciCSspyOLrsfp8b1oslBxquiqevqVdCYam4o4gYMS7aU GFRpiOEk50AYy+O8BSiFmIxYVTca06RprlqpvxnMs1MKPFZEWw5YLY8jxgAubB8bHpVN Re4QWEP8rGd5XqjQSdpwNvlPdxqTe9YsBCgPgqgqKIS1BoYczef78d6Hl9YAtu0WgUWP d3uopdiyC2I9TbMrgmmFZNyBIvfra5OM2DhrHsiZQrlY3EezlFzVCbNkrWiTrF17um9w XpgQ==
X-Gm-Message-State: AA6/9RlIcF3/WzOM3AFozfD2t06q8Lntvtloo/UflUz7d2SKie3NNzOquPpBeuZMsq9ME1PxKtuToWY0Vamt8g==
X-Received: by 10.107.159.138 with SMTP id i132mr13199060ioe.177.1474672656287; Fri, 23 Sep 2016 16:17:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.2.229 with HTTP; Fri, 23 Sep 2016 16:17:35 -0700 (PDT)
In-Reply-To: <DM5PR11MB1419F8F0D0C80835C1DB49F2F4C80@DM5PR11MB1419.namprd11.prod.outlook.com>
References: <DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <CO1PR07MB283F2C414B6478E993675DEC3C90@CO1PR07MB283.namprd07.prod.outlook.com> <394611bf-208f-03d3-620c-79aaf169645b@cs.tcd.ie> <4FC37E442D05A748896589E468752CAA0DBC66AE@PWN401EA120.ent.corp.bcbsm.com> <CAH8yC8kgYzYXwJ01NkK7WYxD-diponWEQOd+MNHssm+bLHE54w@mail.gmail.com> <4FC37E442D05A748896589E468752CAA0DBC699B@PWN401EA120.ent.corp.bcbsm.com> <CACsn0c=5vjzQmr=ah6sH1JzTj3peaKad7aCPertcqD4B2DLKiA@mail.gmail.com> <DM5PR11MB141941D8E156245A1CF6C911F4C80@DM5PR11MB1419.namprd11.prod.outlook.com> <126ee1b6-fc88-bf4e-c366-60d59a9b3350@gmail.com> <DM5PR11MB1419F8F0D0C80835C1DB49F2F4C80@DM5PR11MB1419.namprd11.prod.outlook.com>
From: Peter Bowen <pzbowen@gmail.com>
Date: Fri, 23 Sep 2016 16:17:35 -0700
Message-ID: <CAK6vND_S-YRfY5mpvt_v_srNhdvYJkM8pVV84bywr9zMaYoE6A@mail.gmail.com>
To: BITS Security <BITSSecurity@fsroundtable.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rkf01VQDcK39J-4Lnzs3wb1tjIU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2016 23:17:38 -0000

On Fri, Sep 23, 2016 at 2:10 PM, BITS Security
<BITSSecurity@fsroundtable.org>; wrote:
>  we need a better option than TLS 1.2 that will, perhaps sooner than we might expect, be deprecated.

I'm somewhat confused here.  The concern over RSA for key exchange
versus DH for key exchange would only seem to apply when the network
tapping system has access to the RSA key, right?  So the part of this
about monitoring the network for external chat and such doesn't really
change if the client is using TLS 1.1 or 1.3, as you still can't
decrypt the connection just from monitoring, right?

If that is true, then it implies that the server is at least somewhat
under control of the monitor, so it can support TLS 1.2 as long as
needed.  TLS 1.0 came out in 1999 and is still now (in 2016) widely
deployed.  While I hope TLS 1.3 deployment is speedy, I don't forsee
browsers dropping TLS 1.2 and earlier support any time soon.

Thanks,
Peter