Re: [TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 08 October 2017 22:38 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Eric Rescorla <ekr@rtfm.com>, Randy Bush <randy@psg.com>, Transport Layer Surveillance WG <tls@ietf.org>
Date: Sun, 08 Oct 2017 22:35:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tcxIMynxP6liK9JwIO8iwBVey64>

+1 to Stephen.

Regards,
Uri

Sent from my iPhone

> On Oct 8, 2017, at 18:34, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
>> On 08/10/17 23:22, Eric Rescorla wrote:
>> You seem to be responding to some other thread.
>
> Yep. I changed the subject line.
>
> Randy's substantive message however is crystal clear. And is
> one that WG participants ought take to heart IMO. Pretending
> that some changes to TLS would magically be limited in scope
> to so-called "data centres" is BS. I'm really really puzzled
> that some otherwise sensible folks appear unable to see that.
>
> S
>
>> As both Adam Langley and I
>> mentioned, none of the changes that anyone is investigating for reducing
>> middlebox-induced breakage affect the cryptographic properties of TLS.
>>
>> -Ekr
>>
>>> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush <randy@psg.com> wrote:
>>>
>>> there are a lot of us lurkers out here a bit horrified watching this wg
>>> go off the rails.
>>>
>>> it would help if vendors of devices which break privacy would stop
>>> speaking for 'datacenters' and let datacenters speak for themselves. i
>>> have not seen any doing so. my $dayjob has >10 medium sized datacenters
>>> serving everything from banks to telcos to scaled cloud services. i can
>>> not find folk in our datacenter groups who see a need to break e2e
>>> encryption.
>>>
>>> if the interception proposals ensured that user is notified and able to
>>> prevent session interception, then i would believe this. but if they do
>>> not, then let's face it, this is all about selling surveillance gear to
>>> snooping enterprises and repressive regimes where people with guns take
>>> you away at 3am because your session was decoded.
>>>
>>> can we please provide real end to end privacy or call this wg something
>>> else?
>>>
>>> randy
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls