Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Ted Lemon <> Fri, 14 July 2017 19:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 421491316A8 for <>; Fri, 14 Jul 2017 12:15:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 567SwoWSifci for <>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 17F41131690 for <>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
Received: by with SMTP id j186so49742961pge.2 for <>; Fri, 14 Jul 2017 12:15:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UePewbRvoDVav4WwzV0ZHk0hkOLnxMEUDnjLP1Ws570=; b=OdWgTey1GIua+tFxFJ4AFEhAfw5LOsWClh11rv8OywEIqIlnUMVv349y1Zwr+L28mg Bu/7rh5yx3MQqkLFsk6WvfHFcWZWR+u0toTTsBk+QKOKys0QO7Z2tFnTInGq0lEj5O6E 5+WKq3zKF/Oh16j82eeMRhL8Hxl0NleR7dob6mh6OTsl+l3jBy6Z8PIm6+d8fHnb0UE3 giRQulvPyhfaKJVu5ZvtJs/cVcNW8qFE5W/wYn+DfkrV+OIIYsmIcPxUkBL5Qn3UN8D8 OPvWNb5Rbfx2O83NkRFeaka9fWX+Y20EN0r+l1zOAWsCYURs+kOTjLNccN5HiNWao9CQ dYXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UePewbRvoDVav4WwzV0ZHk0hkOLnxMEUDnjLP1Ws570=; b=R74h78v6/OUEb0dwRsd2lS2aqPVsFW7/2vA5YqiAk9uLxCvgz8O4G9NdAhZTpmUALV fWcfPVX9kN6cLk6Rac0uB2iDhnli7Oi8g5HhwXITTKnZvxBmHfdhpFFpiO4iDE0YO8td LQpYVbRbsTOndZ6XTv9TGgwsTn1HnCnzi1hHIQ2CdguV6wtS1b60AgtYx/xs6p86e1hD LhO/Kmupv+s9jk/HHOarBaKE8asBSfYQUMqpLsB5l23juTr4cHLWSOC/EKO/Qyc8gncP 1u/D2TckUBA0qoTCeBTZRCOZ6kwsZSfsPyUvT+tEK6mj2IncFomD4QTQLcL3hop9eaas Hv1w==
X-Gm-Message-State: AIVw110YbjryLmiz+j0Lzf2LOWu4V+ouwIIugxWxklwQSB+yvujmX83p FnxHLr64kBcfhh1KhLe/C8fGnAH9Blap
X-Received: by with SMTP id e4mr16787315pgc.228.1500059720529; Fri, 14 Jul 2017 12:15:20 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 14 Jul 2017 12:15:19 -0700 (PDT)
Received: by with HTTP; Fri, 14 Jul 2017 12:15:19 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <>
From: Ted Lemon <>
Date: Fri, 14 Jul 2017 21:15:19 +0200
Message-ID: <>
To: Roland Dobbins <>
Cc: "<>" <>
Content-Type: multipart/alternative; boundary="94eb2c140dcec8cee905544bde94"
Archived-At: <>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 14 Jul 2017 19:15:23 -0000

It seems to me that all the use cases you just described require the
*client* to have a static key, since the client is the thing that the
operator controls. If the client uses an unknown key, is malware or

On Jul 14, 2017 20:42, "Roland Dobbins" <> wrote:

> On 15 Jul 2017, at 1:01, Melinda Shore wrote:
> It might make sense to kick it over to ops for a discussion with people
>> whose meat and potatoes is monitoring, management, and
>> measurement.
> As someone who is ops-focused, I think this is an excellent suggestion!
> There have been several assertions posted to the list recently regarding
> various aspects of security and their intersection with encryption.  It may
> be useful to take a moment and clarify a few of them.
> With regards to DDoS mitigation as it relates to encrypted attack traffic,
> only a subset of attacks in a subset of situations can actually be
> adequately mitigated without full visibility into (and often the ability to
> interact with) the traffic within the cryptostream.  There are various ways
> to approach this issue, including full session termination and
> 'transparent' detection/classification, the latter of which isn't of course
> feasible in a PFS scenario.  Each of these general approaches has its
> advantages and drawbacks.
> Very specifically, fingerprints of encrypted streams are not in fact
> adequate for DDoS defense; again, they're only useful for a subset of
> attack types in a subset of situations.
> In the case of detecting and classifying hostile activity within a given
> network - which isn't limited to malware spreading, but includes data
> extraction, attempts at unauthorized access, attempts at subverting
> additional devices, et. al. - the same basic caveats apply.  It is not in
> fact possible to adequately detect and classify all, or even a large
> subset, of hostile network traffic without visibility into the
> cryptostream.  There are some gross behaviors which can be
> detected/classified whilst standing outside the tunnel, but assertions to
> the effect that all or most of what's required in this arena is possible
> without visibility (one way or another) into the relevant encrypted traffic
> are incorrect.
> It's also important to understand that inserting proxies into multiple
> points of a network topology is not cost-free, nor an unalloyed good.  It
> is impractical in many circumstances, and has highly unwelcome side-effects
> in many more, including a negative impact on reliability, performance, and
> availability, as well as broadening the potential attack surface.  Endpoint
> monitoring does not scale well, is often impossible to implement due to
> both technical and administrative challenges - and one can't really trust
> endpoints to self-report, anyways, as they can be subverted.
> In many scenarios, one form or another of network-based visibility into
> encrypted traffic streams within the span of administrative control of a
> single organization is legitimate, vital and necessary.  It is not
> 'wiretapping', any more than tools such as tcpdump or telemetry formats
> such as IPFIX and PSAMP can be categorized as 'wiretapping'.  The fact is,
> the availability, confidentiality, and integrity of systems, applications,
> and networks that everyone on this list relies upon is highly dependent
> upon the ability of organizations to have visibility into encrypted traffic
> streams within their own networks, for purposes of security as well as
> testing and troubleshooting.
> How this can be accomplished is a matter for further discussion.  But it's
> important that everyone focused on this topic understands that it is simply
> not possible to successfully defend against many forms of DDoS attacks nor
> to detect and classify hostile network traffic in the context of encrypted
> communications without visibility into the traffic in question, via some
> mechanism.  The same goes for troubleshooting complex problems.
> Those with operational experience at scale will likely recognize and
> acknowledge the difficulties and challenges noted above; others may wish to
> consider these factors and their impact on the operational community and
> the networks, services, and applications for which they are responsible,
> and upon which we all depend, every day.
> -----------------------------------
> Roland Dobbins <>
> _______________________________________________
> TLS mailing list