Re: [TLS] Industry Concerns about TLS 1.3
Eric Rescorla <ekr@rtfm.com> Fri, 23 September 2016 20:43 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A45C12B4FA for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 13:43:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UAd7Li67ywdy for <tls@ietfa.amsl.com>; Fri, 23 Sep 2016 13:43:56 -0700 (PDT)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com [IPv6:2607:f8b0:4002:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B07B912B13B for <tls@ietf.org>; Fri, 23 Sep 2016 13:43:56 -0700 (PDT)
Received: by mail-yb0-x22a.google.com with SMTP id u125so71764780ybg.3 for <tls@ietf.org>; Fri, 23 Sep 2016 13:43:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IE5nM9vYxUWZ4WO/d2X4ryo9bATdmP727hn1fNFc0m8=; b=Z+Houtez4OCMc/xFxpK98hZoT9cdm9rcIzFnTxcDwGJSPglgjlS1e9jIHfr/xCEFnK TdtnZfb3ieq9tWOH1I4IUEqyrQ377BS4Sh8bBAfXeTc4LhEMmX/ABEIXFyP4YhBKucuL OCOCPMCHdV4/LBtmvcYtPIs6/zMNvgQDygtspKMSjUaJMD5HgtHEeAINaNEYxJa/xTJY AxC+Ep4NRnA5/r6xwaZFK3zxLwjk0u+zNr36YbZFac021VmgeIBnd79vIhvNlMj1bx4S B/XJmEiybi6vG+dtHAcQYfOjW2e2NfVvV7t0krH02zVAry6WPKQd/tNr3IbLZfZwjfhx U5Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IE5nM9vYxUWZ4WO/d2X4ryo9bATdmP727hn1fNFc0m8=; b=ENoF6uLVSjyq5NmP29ZbjgBFj28W5DjfR2sbg+YxTUiZ1/7pLbw4vfpkgEbIfm0hVI gE5ylUbb0TXrN+x5Bvz3Bcmzu9P9p5UpVbieeSIS0wNGzbNaZAg/OrHVUwZMECVP0W2t 7emzyamuq2AmvDNiQ9CwoxdjWuW4fCSiwnFyhAomjncLVo+d/aGl1GtRHttQ83uPQG9J LvMcgh3eZ1IvsyPL7/2Bv2gH+XTZ/UOsKnklhlefUsGGkXfwXjAchGAfOK8UDdGkk246 qG1sUYFi5oGA/p3wChdJdqurnr0hr5zj2P1d/G//DCysl7EhmTf15KDG4bN2XZrKP2KB qavw==
X-Gm-Message-State: AE9vXwPKyEQMyYpDwlV3uvdtrot0YoZ3R2JfLHURc7Y5OcnS9qXVx2C78bUZ3lUIWyA5rp0usFObOESi6HvsIg==
X-Received: by 10.37.80.17 with SMTP id e17mr7407449ybb.105.1474663435883; Fri, 23 Sep 2016 13:43:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.160.10 with HTTP; Fri, 23 Sep 2016 13:43:15 -0700 (PDT)
In-Reply-To: <DM5PR11MB141926C5806296FFD7252A45F4C80@DM5PR11MB1419.namprd11.prod.outlook.com>
References: <DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <CO1PR07MB283F2C414B6478E993675DEC3C90@CO1PR07MB283.namprd07.prod.outlook.com> <394611bf-208f-03d3-620c-79aaf169645b@cs.tcd.ie> <4FC37E442D05A748896589E468752CAA0DBC66AE@PWN401EA120.ent.corp.bcbsm.com> <CAH8yC8kgYzYXwJ01NkK7WYxD-diponWEQOd+MNHssm+bLHE54w@mail.gmail.com> <4FC37E442D05A748896589E468752CAA0DBC699B@PWN401EA120.ent.corp.bcbsm.com> <CACsn0c=5vjzQmr=ah6sH1JzTj3peaKad7aCPertcqD4B2DLKiA@mail.gmail.com> <72011214.413503.1474650126973@mail.yahoo.com> <e24a06b8d0d04ccc80b9a55d83bf5606@usma1ex-dag1mb1.msg.corp.akamai.com> <DM5PR11MB141926C5806296FFD7252A45F4C80@DM5PR11MB1419.namprd11.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 23 Sep 2016 13:43:15 -0700
Message-ID: <CABcZeBNCoB6hd-c-x8tzT3k7ZFKs85NS04Fs-_CO+U4YZ-WjQg@mail.gmail.com>
To: BITS Security <BITSSecurity@fsroundtable.org>
Content-Type: multipart/alternative; boundary="001a113eac7c428ab6053d32d600"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/t_Pn_ElVyTzqIxfSs1XoRxxHmkY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2016 20:43:59 -0000
Andrew, What would probably be most helpful here would be if you tried to describe what you think your requirements are in some sort of protocol-neutral fashion. -Ekr On Fri, Sep 23, 2016 at 1:31 PM, BITS Security < BITSSecurity@fsroundtable.org> wrote: > Rich (et al.) -- I understand where you are coming from but I will poke a > little bit at this portrayal. > > We are not here hat-in-hand asking for a return to RSA key exchange to the > proposed standard. We do however want to raise our concern (and hopefully > your awareness) of what appears to be an unintended consequence of the move > to PFS-only choices. > > What is happening from our perspective is choice is being removed and an > adequate replacement has (seemingly) not been identified. This lack of > choice may not affect everyone and every use-case but it will predictably > affect large, complex, highly regulated enterprises in a serious manner. > This is a classic case of security requirement being in conflict with a > different security requirement. > > IETF protocols are run extensively both on the public Internet and within > private enterprises. Any decisions made by the TLS Working Group will > affect both environments, and the needs and requirements of both > environments should be considered. > > -Andrew > > > -----Original Message----- > From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Salz, Rich > Sent: Friday, September 23, 2016 3:08 PM > To: nalini.elkins@insidethestack.com > Cc: tls@ietf.org > Subject: Re: [TLS] Industry Concerns about TLS 1.3 > > > > It would be very interesting to get the network diagnostic and > operations people (rather than the architects) of the above companies > involved in this conversation. > > Nothing has ever stopped them. Never. Participation is as simple as > joining a mailing list. The IETF has been doing SSL and TLS for nearly 20 > years. It is not a secret. It was incumbent on them to reach out and get > involved. > > > Why don't we listen to each other? I know at IETF, I often hear that > we don't get enough operators to comment and give feedback. Well, here you > have some. It may be that these companies have problems that are different > from Google's (just as an example). > > Don't try to equate "listen to each other" with "meet my requirement." > The message has been stated, very clearly, from individuals, WG members, > through document editors and WG chairs and up to Security Directors: > static RSA is not coming back to TLS 1.3 . Since before the last IETF this > was the message, consistently. So perhaps you should answer the question > first -- why aren't *you* listening? :) > > PFS is also possible in TLS 1.1 and later. What does, say USBank, do to > prevent PFS in their existing deployment? Why won't additional controls to > prevent TLS 1.3 and its mandatory PFS be expected to work here as well? So > far all I've seen is "maybe there's bugs in TLS 1.2 and we'll be forced to > move to TLS 1.3" Shrug. There are bugs everywhere. Maybe there's bugs > in TLS 1.3 too. > > Look, pretty much the entire world is being spied on by national-scale > adversaries who are recording all traffic for eventual decryption and > correlation. *Almost everyone* is having their traffic surveilled. The > problems of debugging a set of enterprise apps doesn’t amount to a hill of > beans in that world. It just doesn't. Same for a particular industry's > regulatory requirements. > > > Isn't our goal to have the best standards possible? Any organism > (including the IETF), needs feedback to thrive. > > Oxygen, coke, and cookies too. > > -- > Senior Architect, Akamai Technologies > IM: richsalz@jabber.at Twitter: RichSalz ______________________________ > _________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Paterson, Kenny
- Re: [TLS] Industry Concerns about TLS 1.3 Kyle Rose
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Dave Garrett
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Thijs van Dijk
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- [TLS] debugging tools [was: Industry Concerns abo… Nikos Mavrogiannopoulos
- Re: [TLS] debugging tools [was: Industry Concerns… Stephen Farrell
- Re: [TLS] debugging tools [was: Industry Concerns… Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yaron Sheffer
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Adam Caudill
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Bowen
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Pawel Jakub Dawidek
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Brian Sniffen
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Hovav Shacham
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Pascal Urien
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Judson Wilson
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Michał Staruch
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ronald del Rosario
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Joachim Strömbergson
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] debugging tools [was: Industry Concerns… Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Sean Turner
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni