Re: [TLS] Breaking into TLS to protect customers

"Ackermann, Michael" <> Thu, 15 March 2018 21:50 UTC

From: "Ackermann, Michael" <>
To: Yoav Nir <>, Rich Salz <>
CC: "" <>
Thread-Topic: [TLS] Breaking into TLS to protect customers
Date: Thu, 15 Mar 2018 21:50:28 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Good point Yoav.

And this positive side effect holds true in the health care and insurance industries as well, and is not an accident.  It is one of the primary reasons this monitoring is performed.

From: TLS [] On Behalf Of Yoav Nir
Sent: Thursday, March 15, 2018 12:58 AM
To: Rich Salz <>
Subject: Re: [TLS] Breaking into TLS to protect customers

Hi, Rich.

You are conflating customers and users. The customer that may be protected by breaking TLS in a bank’s server farm is the bank itself. An IPS system with visibility into the traffic may detect bots that are there to steal data or mine cryptocurrencies or whatever.

If the customers of the bank are protected, it’s a happy side effect (collateral benefit?). The object is to protect the system integrity and the data.


On 15 Mar 2018, at 5:29, Salz, Rich <> wrote:

Some on this list have said that they need to break into TLS in order to protect customers.

The thing customers seem to need the most protection from is having their personal data stolen.  It seems to happen with amazing and disappointing regularity on astounding scales.  Some examples include:

- retailer Target, presumably subject to PCI-DSS rules
- Anthem health insurance, presumably a regulated industry
- Equifax, a financial-business organization (but apparently not regulated)
- Yahoo, a company created on and by and for the Internet (one would think they know better)

We could, of course, go on and on and on.

NONE of those organizations are using TLS 1.3.

So what kind of “protect the customer” requires breaking TLS?  And what benefits and increased protection will customers see?

