Re: [TLS] Industry Concerns about TLS 1.3

Bill Frantz <frantz@pwpconsult.com> Wed, 28 September 2016 23:09 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B85B512B0AA for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 16:09:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oozMewk_afmH for <tls@ietfa.amsl.com>; Wed, 28 Sep 2016 16:09:06 -0700 (PDT)
Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F15212B023 for <tls@ietf.org>; Wed, 28 Sep 2016 16:09:04 -0700 (PDT)
Received: from [47.143.125.162] (helo=Williams-MacBook-Pro.local) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1bpNy3-00052n-Ph; Wed, 28 Sep 2016 19:08:48 -0400
Date: Wed, 28 Sep 2016 16:08:37 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: mrex@sap.com
X-Priority: 3
In-Reply-To: <20160928090143.7C30F1A558@ld9781.wdf.sap.corp>
Message-ID: <r470Ps-10116i-D1400872992D4A999C16CBD8D0E8C6D1@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4 (470)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec7966e21539bfd0363ef6c8477fec93aa9d350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 47.143.125.162
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yMEmUe1g5iGL7C33nss5oGVgT5Q>
Cc: tls@ietf.org
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 23:09:08 -0000

On 9/28/16 at 2:01 AM, mrex@sap.com wrote:

>I'm sorry, but I'm still violently opposed to the IETF endorsing
>backdooring of security protocols.

I find myself in violent agreement with Martin, and many others 
in the IETF.

The last major backdoored encryption protocol I can remember 
came from the National Security Agency. After a few years of 
examination, serious flaws were found in the backdoor mechanism 
which would allow attackers to open the backdoors and read the 
plaintext. When the best in the business can't get these 
protocols right, I don't think we can either.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Since the IBM Selectric, keyboards have gotten
408-356-8506       | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?