Re: [TLS] Industry Concerns about TLS 1.3

BITS Security <> Mon, 26 September 2016 19:23 UTC

From: BITS Security <>
To: Bill Frantz <>
Thread-Topic: [TLS] Industry Concerns about TLS 1.3
Thread-Index: AdIU8WqWM9WBapZoQzyfqxiOaK25faCHl8IAgABEtwCABEucYA==
Date: Mon, 26 Sep 2016 19:23:28 +0000
Message-ID: <>
References: <> <r470Ps-10116i-4C64C69C85D443BF91A20D2FDB8F48E9@Williams-MacBook-Pro.local>
In-Reply-To: <r470Ps-10116i-4C64C69C85D443BF91A20D2FDB8F48E9@Williams-MacBook-Pro.local>
Accept-Language: en-US
Content-Language: en-US
Cc: "" <>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Bill--We believe it isn't a binary choice between maximizing public Internet security and minimizing enterprise risk.  I am not advocating for a particular solution but if social media chooses to use PFS only that is fine with us and likely we would use PFS in many public Internet situations as well.  

That said, at least one of the sites you mentioned was known to have an APT inside their perimeter (Operation Aurora) for about a month, and part of the tactics within that attack which was publicly reported was the use of "SSL" to mask C&C communications.  That's the type of threat we are concerned about inside of the enterprise network, and we need visibility (and flexibility appropriate to our network design and risk tolerance) to solve for these issues in a way that protects people like the ones you mentioned.  

End-point monitoring, while useful, has a lot of limitations:  logging issues, often can't meet packet capture requirements, etc.  We are not against end-point monitoring and do consider it a tool in the toolkit, but it simply can't adequately replace robust network security monitoring tools.  

- Andrew 

-----Original Message-----
From: Bill Frantz [] 
Sent: Friday, September 23, 2016 9:31 PM
To: BITS Security <>
Subject: Re: [TLS] Industry Concerns about TLS 1.3

On 9/23/16 at 2:24 PM, (BITS Security) wrote:

>But general-purpose messaging services (and other collaboration
>services) which don’t have an explicit man-in-the-middle (and don’t 
>permit server-side access to user plaintext and can’t be observed by 
>other means) can’t be used in supervised environments. This rules out 
>many cloud-hosted services today.

I see a train wreck coming and it looks like this:

The public internet, Google, Cloud services, Facebook, Twitter, etc. etc. move in the direction of improving security using things like PFS, because the idea of protecting human rights advocates in the parts of the world where people are routinely tortured sells well to the general public, people like me, and others on this list.

On the other hand, some major enterprises continue to depend on being able to break the security of their employees to monitor their networks in ways that the bad guys can easily use, as opposed to installing endpoint or gateway monitoring.

This train wreck results in fewer and fewer public internet services being available to users within these enterprises. Eventually, employees give up on the corporate network and start using their cell phones to communicate with customers, research investments, etc., completely bypassing the regulatory required monitoring.

This scenario says it doesn't matter whether TLS 1.3 and successors allow RSA. If they have any PFS modes, these will be the only ones public internet servers will accept. If they are turned off in enterprise clients, they will not be able to connect without going through a gateway which turns them on.

My conclusion is that enterprises that depend on being able to decrypt traffic without involving the endpoints should start moving to systems that do involve the endpoints.

Cheers - Bill

Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 Englewood Ave
                   |  - Ken Widelitz K6LA / VY2TT | Los Gatos, CA 95032
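Bill's claim above (a client with PFS modes turned off cannot reach a server that accepts only PFS, while a gateway that turns them back on can) as an added example that is not part of this thread: it uses Python's ssl module on OpenSSL 1.1.1+ and models cipher-suite selection by intersecting each context's usable suites instead of running a real handshake, so no certificates are needed. The enterprise, public-server, legacy-server and gateway configurations are assumed for illustration.

```python
import ssl
from ssl import TLSVersion

PFS_KEX = {"kx-ecdhe", "kx-dhe"}  # key-exchange families that give forward secrecy
# get_ciphers() labels a suite with the first version that carried it ('SSLv3' for
# the old CBC suites), so anything not TLS 1.2/1.3-specific is usable from TLS 1.0 up.
SUITE_MIN = {"TLSv1.3": TLSVersion.TLSv1_3, "TLSv1.2": TLSVersion.TLSv1_2}

def is_forward_secret(suite):
    # TLS 1.3 suites report 'kx-any': the protocol only has (EC)DHE key exchange.
    return suite["protocol"] == "TLSv1.3" or suite["kea"] in PFS_KEX

def usable_suites(ctx):
    """Suites the context can really use: get_ciphers() ignores the version
    bounds, so a TLS 1.2-capped client still lists the TLS 1.3 suites."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    ok = []
    for s in ctx.get_ciphers():
        smin = SUITE_MIN.get(s["protocol"], TLSVersion.TLSv1)
        smax = TLSVersion.TLSv1_3 if s["protocol"] == "TLSv1.3" else TLSVersion.TLSv1_2
        if (lo == TLSVersion.MINIMUM_SUPPORTED or smax >= lo) and (hi == TLSVersion.MAXIMUM_SUPPORTED or smin <= hi):
            ok.append(s)
    return ok

def negotiate(client, server):
    # Server-preference pick (Python sets OP_CIPHER_SERVER_PREFERENCE); None = no handshake.
    offered = {s["name"] for s in usable_suites(client)}
    return next((s for s in usable_suites(server) if s["name"] in offered), None)

def make_context(protocol, ciphers=None, lo=None, hi=None):
    ctx = ssl.SSLContext(protocol)
    ctx.minimum_version = lo or ctx.minimum_version
    ctx.maximum_version = hi or ctx.maximum_version
    if ciphers:  # set_ciphers() only affects TLS <= 1.2 suites, never the TLS 1.3 ones
        ctx.set_ciphers(ciphers)
    return ctx

def enterprise_client():  # PFS "turned off": RSA key exchange only (OpenSSL kRSA), no TLS 1.3
    return make_context(ssl.PROTOCOL_TLS_CLIENT, "kRSA+AESGCM:kRSA+AES", hi=TLSVersion.TLSv1_2)

def public_server():  # accepts TLS 1.3 only, i.e. only forward-secret key exchange
    return make_context(ssl.PROTOCOL_TLS_SERVER, lo=TLSVersion.TLSv1_3)

def legacy_server():  # TLS 1.2 server that prefers ECDHE but still permits RSA key exchange
    return make_context(ssl.PROTOCOL_TLS_SERVER, "ECDHE+AESGCM:kRSA+AESGCM", hi=TLSVersion.TLSv1_2)

def gateway_client():  # outbound gateway with library defaults: TLS 1.3 and (EC)DHE on
    return make_context(ssl.PROTOCOL_TLS_CLIENT)
```

Against the legacy server the enterprise client still lands on an RSA key-exchange suite even though the server prefers ECDHE, which is exactly the non-PFS session a passive network monitor relies on; against the TLS 1.3-only server it gets nothing.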