Re: [TLS] Industry Concerns about TLS 1.3
Pascal Urien <pascal.urien@gmail.com> Mon, 26 September 2016 08:28 UTC
Return-Path: <pascal.urien@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81BB212B09D for <tls@ietfa.amsl.com>; Mon, 26 Sep 2016 01:28:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y9txqp0AFIb8 for <tls@ietfa.amsl.com>; Mon, 26 Sep 2016 01:28:31 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 604FF12B00A for <tls@ietf.org>; Mon, 26 Sep 2016 01:28:31 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id t83so199191779oie.3 for <tls@ietf.org>; Mon, 26 Sep 2016 01:28:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2eZAV1OL2Xn2B/PptR3WYC4Wd/AYHPnqM0HN/icDPRM=; b=hrXNxI19lBVmaJ70fOJ/DiIYiNM8FGwTyde/zyWhPL3V0l0/gkqtBpH1QT/3AbvUqq 4hfc5gANvUTyTpRUALfwUXa18yogh+oiWKy+Hyh/MemCAKUkKBH8TmUMXNOtrwDIfuD4 BqYBLkP4qKQHiS8fT94c65vq5/Se6Cao1YTpKxJPnkD3WTElRTEGpX4g7U05lPmhyr5l 7MlLsi+tFq7GLKxllhTAEZsMImexpA2mDEm+BX3CyNDjZSbk2o5zAD1l6PuYS9tsZuMv TWqc/ODJtURAWw8WNrbf/kvBidSNHI2k5PYYJlZwLURSKTKfyiur0MFUz/s1bpYvDK5W iRig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2eZAV1OL2Xn2B/PptR3WYC4Wd/AYHPnqM0HN/icDPRM=; b=jsaDrNW6ounr8dd3CfzP+jzukunWAC7W4lH7jcn0gOW6N0GwaqADf1WlMF/sIt9U/C G7vo3O1MuCD7BvrPnQi9eIgMgPIDuydS5dtL4Zku5zx3rSXIwMrym819X09XdF3HfSst EcLFRA/R+TUOhUshNl3RKlSAOJZp7U62ON86l1ZpwqlEVZtMQjXCm5Gs1LK3iNrUC9Pn uQ4cxXHU1skfwMK8p+LJ+wyTe6BBFAH2i2mhHvkSddFJ0bjT3P5ww30Q275PBJpaEeQb WTCNIlu5vQgnB4y6Z5mu1lCU0mup6P2uCTjjqqflLNKs6JHqSOQ4OjxS0G1hKPRic6op Ui5Q==
X-Gm-Message-State: AA6/9Rm/JRxlKPRspuNVUrFBG9i12P+fTMWoPn8e+f/VtEekpGtNFoKgHQXYcpg/9UKbZGacn/xHzSj+BN65nA==
X-Received: by 10.202.231.4 with SMTP id e4mr13426901oih.28.1474878510771; Mon, 26 Sep 2016 01:28:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.181.131 with HTTP; Mon, 26 Sep 2016 01:28:29 -0700 (PDT)
In-Reply-To: <4FC37E442D05A748896589E468752CAA0DBCBA55@PWN401EA120.ent.corp.bcbsm.com>
References: <DM5PR11MB1419B782D2BEF0E0A35E420DF4C90@DM5PR11MB1419.namprd11.prod.outlook.com> <CO1PR07MB283F2C414B6478E993675DEC3C90@CO1PR07MB283.namprd07.prod.outlook.com> <394611bf-208f-03d3-620c-79aaf169645b@cs.tcd.ie> <4FC37E442D05A748896589E468752CAA0DBC66AE@PWN401EA120.ent.corp.bcbsm.com> <CAH8yC8kgYzYXwJ01NkK7WYxD-diponWEQOd+MNHssm+bLHE54w@mail.gmail.com> <4FC37E442D05A748896589E468752CAA0DBC699B@PWN401EA120.ent.corp.bcbsm.com> <CACsn0c=5vjzQmr=ah6sH1JzTj3peaKad7aCPertcqD4B2DLKiA@mail.gmail.com> <4FC37E442D05A748896589E468752CAA0DBC6CAC@PWN401EA120.ent.corp.bcbsm.com> <fd4ad423-3614-5330-b687-1b5848e839f0@wheelsystems.com> <4FC37E442D05A748896589E468752CAA0DBC9732@PWN401EA120.ent.corp.bcbsm.com> <b24efbbb594040e794f7513b7e62b3c7@usma1ex-dag1mb1.msg.corp.akamai.com> <4FC37E442D05A748896589E468752CAA0DBCBA55@PWN401EA120.ent.corp.bcbsm.com>
From: Pascal Urien <pascal.urien@gmail.com>
Date: Mon, 26 Sep 2016 10:28:29 +0200
Message-ID: <CAEQGKXRgDU8rv4qFd=5_xzfUX92m9dn-Y+4=0VsP7N4U26pJvg@mail.gmail.com>
To: "Ackermann, Michael" <MAckermann@bcbsm.com>
Content-Type: multipart/alternative; boundary="001a1141b674b8b4a3053d64e94b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ymdmTvWG2d5Zr8doYEwrpsDdTyI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Industry Concerns about TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2016 08:28:34 -0000
Hi All There is a smart way to recover DH secret by a third party It is DH tripartite base on EC paring https://tools.ietf.org/html/draft-urien-tls-dh-tripartite-00 Rgs Pascal 2016-09-25 23:20 GMT+02:00 Ackermann, Michael <MAckermann@bcbsm.com>: > I understand your concern over what the nation-state actors are doing but > it is not the same as what Enterprises do to manage their private servers, > networks and clients. > > Your final paragraph is quite a constructive question. "What > specifically would you have us do? What do you want in the protocol that > enables your needs, but doesn't make it possible for everyone in the world > to be surveilled? Please, make some specific suggestions." > > My personal perspective would be, that the approach to achieving an answer > to that important question, would start with: > > 1. Gathering protocol neutral requirements from all involved factions, > (with help and suggestions from people on the TLS list) > > 2. Brainstorming session(s) with people on the TLS list as well > potential users/operators, with objectives that include the design of a > solution that meets (hopefully) all known requirements. > > What I would like to see come out of the debate we seem to be currently > involved in, is the realization that significant operational/management > issues exist with TLS 1.3 and that the IETF is taking them seriously enough > to at least begin dialogue intended to address these issues, and > potentially work together to craft related solution(s). In my view this > issue is far too complex & pervasive to believe that any one person or > group's perspective would produce a viable overall solution. > > Again, let me restate, I don't think anyone is saying that we MUST have > RSA. But, we, as the clients of the IETF TLS protocol, would like to > work with you to assure we have workable, manageable and affordable > solutions, that meets our needs as well as the needs of others. > > -----Original Message----- > From: Salz, Rich [mailto:rsalz@akamai.com] > Sent: Saturday, September 24, 2016 10:10 PM > To: Ackermann, Michael <MAckermann@bcbsm.com>; Pawel Jakub Dawidek < > p.dawidek@wheelsystems.com>; tls@ietf.org > Subject: RE: [TLS] Industry Concerns about TLS 1.3 > > > This lack of scope, depth and detail [in MITM infrastructures] are > > what drove us to install the packet collection infrastructures > > (debugging networks I think some are saying). > > At the risk of repeating myself and flogging this dead horse... What you > are doing is exactly what the nation-state actors are doing. I bet that > some even use that exact phrase of "packet collection infrastructure." > > I understand that if you want to use TLS 1.3, it is going to be expensive > and/or inconvenient; you're going to have to educate regulators and get > bespoke TLS endpoint solutions from vendors. Perhaps you can get the NSA's > to stop collecting everyone's Internet traffic for future decoding? > > Less flippantly, what specifically would you have us do? What do you want > in the protocol that enables your needs, but doesn't make it possible for > everyone in the world to be surveilled? Please, make some specific > suggestions. > > > > > The information contained in this communication is highly confidential and > is intended solely for the use of the individual(s) to whom this > communication is directed. If you are not the intended recipient, you are > hereby notified that any viewing, copying, disclosure or distribution of > this information is prohibited. Please notify the sender, by electronic > mail or telephone, of any unintended receipt and delete the original > message without making any copies. > > Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are > nonprofit corporations and independent licensees of the Blue Cross and Blue > Shield Association. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Paterson, Kenny
- Re: [TLS] Industry Concerns about TLS 1.3 Kyle Rose
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Dave Garrett
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Yuhong Bao
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Hugo Krawczyk
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Colm MacCárthaigh
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Thijs van Dijk
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- [TLS] debugging tools [was: Industry Concerns abo… Nikos Mavrogiannopoulos
- Re: [TLS] debugging tools [was: Industry Concerns… Stephen Farrell
- Re: [TLS] debugging tools [was: Industry Concerns… Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 nalini.elkins
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yaron Sheffer
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Adam Caudill
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Bowen
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Pawel Jakub Dawidek
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Brian Sniffen
- Re: [TLS] Industry Concerns about TLS 1.3 Ackermann, Michael
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Hovav Shacham
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Pascal Urien
- Re: [TLS] Industry Concerns about TLS 1.3 Salz, Rich
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Xiaoyin Liu
- Re: [TLS] Industry Concerns about TLS 1.3 Andrei Popov
- Re: [TLS] Industry Concerns about TLS 1.3 Geoffrey Keating
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Eric Rescorla
- Re: [TLS] Industry Concerns about TLS 1.3 Viktor Dukhovni
- Re: [TLS] Industry Concerns about TLS 1.3 Judson Wilson
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Ilari Liusvaara
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Michał Staruch
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Ronald del Rosario
- Re: [TLS] Industry Concerns about TLS 1.3 Seth David Schoen
- Re: [TLS] Industry Concerns about TLS 1.3 Stephen Farrell
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Joachim Strömbergson
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Martin Rex
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Yoav Nir
- Re: [TLS] Industry Concerns about TLS 1.3 Dan Brown
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Melinda Shore
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] Industry Concerns about TLS 1.3 Bill Frantz
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni
- Re: [TLS] Industry Concerns about TLS 1.3 Hannes Tschofenig
- Re: [TLS] Industry Concerns about TLS 1.3 Hubert Kario
- Re: [TLS] Industry Concerns about TLS 1.3 Peter Gutmann
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Jeffrey Walton
- Re: [TLS] Industry Concerns about TLS 1.3 Watson Ladd
- Re: [TLS] Industry Concerns about TLS 1.3 Tony Arcieri
- Re: [TLS] debugging tools [was: Industry Concerns… Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 Florian Weimer
- Re: [TLS] Industry Concerns about TLS 1.3 BITS Security
- Re: [TLS] Industry Concerns about TLS 1.3 Sean Turner
- Re: [TLS] Industry Concerns about TLS 1.3 Ryan Carboni