Re: [TLS] Industry Concerns about TLS 1.3

Xiaoyin Liu <> Mon, 26 September 2016 20:12 UTC

From: Xiaoyin Liu <>
To: BITS Security <>, Peter Bowen <>
Date: Mon, 26 Sep 2016 20:12:03 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>


Then I think your option is to persuade the regulators not to require TLS 1.3 for internal networks. Also, unlike SSL 3.0 – TLS 1.1, TLS 1.2 is not currently known to be weak or insecure, if properly implemented and not using insecure cipher suites. So in my opinion, it makes sense to keep using TLS 1.2 internally.



From: BITS Security<>
Sent: Monday, September 26, 2016 3:02 PM
To: Peter Bowen<>
Subject: Re: [TLS] Industry Concerns about TLS 1.3


Outbound TLS connections require MITM for decryption.  Inbound or internal TLS connections can be decrypted with an RSA private key under TLS 1.2.

The PCI DSS is already requiring TLS 1.2 for financial institutions that participate in the Payment Card Industry.  .BANK (exclusive top level banking domain) is also planning to require TLS 1.2.   We're anticipating that a regulatory body like these will require TLS 1.3 at some point in the future.  Financial institutions then have to comply if they want to continue to do business with the companies represented by the regulatory body (like large credit card companies in the case of PCI).


-----Original Message-----
From: Peter Bowen []
Sent: Friday, September 23, 2016 7:18 PM
To: BITS Security <>
Cc: Yaron Sheffer <>;
Subject: Re: [TLS] Industry Concerns about TLS 1.3

On Fri, Sep 23, 2016 at 2:10 PM, BITS Security <> wrote:
>  we need a better option than TLS 1.2 that will, perhaps sooner than we might expect, be deprecated.

I'm somewhat confused here.  The concern over RSA for key exchange versus DH for key exchange would only seem to apply when the network tapping system has access to the RSA key, right?  So the part of this about monitoring the network for external chat and such doesn't really change if the client is using TLS 1.1 or 1.3, as you still can't decrypt the connection just from monitoring, right?

If that is true, then it implies that the server is at least somewhat under control of the monitor, so it can support TLS 1.2 as long as needed.  TLS 1.0 came out in 1999 and is still now (in 2016) widely deployed.  While I hope TLS 1.3 deployment is speedy, I don't foresee browsers dropping TLS 1.2 and earlier support any time soon.

TLS mailing list
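
Added example, not part of any message in this thread: the messages above distinguish RSA key exchange, where a monitor holding the server's RSA private key can decrypt a recorded TLS 1.2 session, from DH key exchange, where it cannot. The sketch below classifies negotiated cipher suites on that basis. The record format, the sample records, the function names and the OpenSSL-name prefix heuristic are assumptions made for this illustration.

```python
# Added example: constructed session records, "<protocol> <cipher suite>".
# Suite names appear in IANA or OpenSSL form, since logs commonly mix both.
SAMPLE_SESSIONS = [
    "TLSv1.2 TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLSv1.2 AES256-SHA256",
    "TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLSv1.2 ECDHE-RSA-AES256-SHA384",
    "TLSv1.2 DHE-RSA-AES128-GCM-SHA256",
    "TLSv1.2 TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLSv1.3 TLS_AES_128_GCM_SHA256",
]

# OpenSSL-style first tokens that name a key exchange other than static RSA
# (assumed heuristic: anything else is treated as static RSA).
OPENSSL_EPHEMERAL = {"ECDHE", "DHE", "EDH"}
OPENSSL_OTHER = {"ECDH", "DH", "ADH", "AECDH", "PSK", "SRP", "RSA", "EXP"}


def key_exchange(protocol, suite):
    """Return 'static-rsa', 'ephemeral', 'tls13' or 'other' for one session."""
    if protocol == "TLSv1.3":
        return "tls13"  # TLS 1.3 has no static RSA key exchange
    name = suite.upper()
    if "_WITH_" in name:  # IANA form: TLS_<kx>_WITH_<cipher>_<mac>
        kx = name.split("_WITH_")[0]
        kx = kx[4:] if kx.startswith("TLS_") else kx
        if kx == "RSA":
            return "static-rsa"
        return "ephemeral" if kx.startswith(("ECDHE_", "DHE_")) else "other"
    first = name.split("-")[0]  # OpenSSL form omits the prefix for static RSA
    if first in OPENSSL_EPHEMERAL:
        return "ephemeral"
    return "other" if first in OPENSSL_OTHER else "static-rsa"


def audit(records):
    """Map each record to (key exchange class, decryptable with the RSA key)."""
    result = {}
    for record in records:
        protocol, suite = record.split()
        kx = key_exchange(protocol, suite)
        result[record] = (kx, kx == "static-rsa")
    return result


if __name__ == "__main__":
    for record, (kx, decryptable) in audit(SAMPLE_SESSIONS).items():
        print(f"{record:50} {kx:11} key-decryptable={decryptable}")
```

Only the sessions classed as static-rsa are readable from a passive capture with the server's RSA private key; sessions classed as other need case-by-case review.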