Re: [TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 08 October 2017 22:38 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Eric Rescorla <ekr@rtfm.com>, Randy Bush <randy@psg.com>, "Transport Layer Surveillance WG" <tls@ietf.org>
Date: Sun, 8 Oct 2017 22:35:32 +0000
Message-ID: <C679B34E-613F-4C2B-AF5E-9C08FD344DB2@ll.mit.edu>
References: <m2shetiafc.wl-randy@psg.com> <CABcZeBPA885itU+O-X+ri_P7Zxqbs1qXUmQFbE9Fc3h5YQfSMw@mail.gmail.com> <1854f9e7-7264-bd1a-9ae4-0407b682b731@cs.tcd.ie>
In-Reply-To: <1854f9e7-7264-bd1a-9ae4-0407b682b731@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tcxIMynxP6liK9JwIO8iwBVey64>
Subject: Re: [TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)

+1 to Stephen.

Regards,
Uri

Sent from my iPhone

> On Oct 8, 2017, at 18:34, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> 
>> On 08/10/17 23:22, Eric Rescorla wrote:
>> You seem to be responding to some other thread. 
> 
> Yep. I changed the subject line.
> 
> Randy's substantive message however is crystal clear. And is
> one that WG participants ought take to heart IMO. Pretending
> that some changes to TLS would magically be limited in scope
> to so-called "data centres" is BS. I'm really really puzzled
> that some otherwise sensible folks appear unable to see that.
> 
> S
> 
> 
>> As both Adam Langley and I
>> mentioned, none of the changes that anyone is investigating for reducing
>> middlebox-induced breakage affect the cryptographic properties of TLS.
>> 
>> -Ekr
>> 
>> 
>>> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush <randy@psg.com> wrote:
>>> 
>>> there are a lot of us lurkers out here a bit horrified watching this wg
>>> go off the rails.
>>> 
>>> it would help if vendors of devices which break privacy would stop
>>> speaking for 'datacenters' and let datacenters speak for themselves.  i
>>> have not seen any doing so.  my $dayjob has >10 medium sized datacenters
>>> serving everything from banks to telcos to scaled cloud services.  i can
>>> not find folk in our datacenter groups who see a need to break e2e
>>> encryption.
>>> 
>>> if the interception proposals ensured that user is notified and able to
>>> prevent session interception, then i would believe this.  but if they do
>>> not, then let's face it, this is all about selling surveillance gear to
>>> snooping enterprises and repressive regimes where people with guns take
>>> you away at 3am because your session was decoded.
>>> 
>>> can we please provide real end to end privacy or call this wg something
>>> else?
>>> 
>>> randy
>>> 
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>> 