Re: [TLS] Industry Concerns about TLS 1.3

2016-09-23 Thread BITS Security
that will, perhaps sooner than we might expect, be deprecated. -Andrew -Original Message- From: Yaron Sheffer [mailto:yaronf.i...@gmail.com] Sent: Friday, September 23, 2016 3:52 PM To: BITS Security <bitssecur...@fsroundtable.org>; Watson Ladd <watsonbl...@gmail.com>; Ackerm

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-23 Thread BITS Security
onbl...@gmail.com] Sent: Thursday, September 22, 2016 3:06 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 On Thu, Sep 22, 2016 at 10:19 AM, BITS Security <bitssecur...@fsroundtable.org> wrote: > To: IETF TL

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-23 Thread BITS Security
ilto:xiaoyi...@outlook.com] Sent: Friday, September 23, 2016 5:00 PM To: BITS Security <bitssecur...@fsroundtable.org>; Salz, Rich <rs...@akamai.com>; nalini.elk...@insidethestack.com Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 Andrew,   I don't understand wh

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-26 Thread BITS Security
body (like large credit card companies in the case of PCI). -Andrew -Original Message- From: Peter Bowen [mailto:pzbo...@gmail.com] Sent: Friday, September 23, 2016 7:18 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: Yaron Sheffer <yaronf.i...@gmail.com>;

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-26 Thread BITS Security
Thanks >> >> Mike >> >> >> >> -Original Message- >> From: Jeffrey Walton [mailto:noloa...@gmail.com] >> Sent: Friday, September 23, 2016 10:55 AM >> To: Ackermann, Michael <mackerm...@bcbsm.com> >> Cc: BITS Security <bit

Re: [TLS] Industry Concerns about TLS 1.3

2016-10-05 Thread BITS Security
as the canary in the coalmine... but here we are now at least. - Andrew -Original Message- From: Florian Weimer [mailto:f...@deneb.enyo.de] Sent: Wednesday, October 5, 2016 2:17 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns abo

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-23 Thread BITS Security
ncerned about the same unmanageable future they described. Do Akami, Cloudlflare and Google magically not have these problems? > > Thanks > > Mike > > > > -Original Message----- > From: Jeffrey Walton [mailto:noloa...@gmail.com] > Sent: Friday, September 23,

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-23 Thread BITS Security
Rich (et al.) -- I understand where you are coming from but I will poke a little bit at this portrayal. We are not here hat-in-hand asking for a return to RSA key exchange to the proposed standard. We do however want to raise our concern (and hopefully your awareness) of what appears to be

[TLS] Industry Concerns about TLS 1.3

2016-09-22 Thread BITS Security
To: IETF TLS 1.3 Working Group Members My name is Andrew Kennedy and I work at BITS, the technology policy division of the Financial Services Roundtable (http://www.fsroundtable.org/bits). My organization represents approximately 100 of the top 150 US-based financial services companies

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-22 Thread BITS Security
this functionality, which is a problem in a TLS 1.3 only environment. -Andrew From: Yuhong Bao [mailto:yuhongbao_...@hotmail.com] Sent: Thursday, September 22, 2016 2:36 PM To: BITS Security <bitssecur...@fsroundtable.org>; tls@ietf.org Subject: Re: Industry Concerns about TLS 1.3 Thi

Re: [TLS] Industry Concerns about TLS 1.3

2016-10-03 Thread BITS Security
could undermine this solution. Appreciate it. - Andrew -Original Message- From: Seth David Schoen [mailto:sch...@eff.org] Sent: Tuesday, September 27, 2016 2:30 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns

Re: [TLS] Industry Concerns about TLS 1.3

2016-10-03 Thread BITS Security
rs. - Andrew From: Tony Arcieri [mailto:basc...@gmail.com] Sent: Tuesday, September 27, 2016 4:17 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: Peter Bowen <pzbo...@gmail.com>; tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 On Mon, Sep 26, 2016 at 12:

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-27 Thread BITS Security
PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: Salz, Rich <rs...@akamai.com>; nalini.elk...@insidethestack.com; tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 Andrew, What would probably be most helpful here would be if you tried to describe what yo

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-27 Thread BITS Security
this to our attention. - Andrew From: hugok...@gmail.com [mailto:hugok...@gmail.com] On Behalf Of Hugo Krawczyk Sent: Thursday, September 22, 2016 7:41 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 If the p

Re: [TLS] Industry Concerns about TLS 1.3

2016-09-27 Thread BITS Security
] Sent: Tuesday, September 27, 2016 2:24 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: Eric Rescorla <e...@rtfm.com>; tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 On Tue, Sep 27, 2016 at 06:07:28PM +, BITS Security wrote: > Hi Eric--Thank you

Re: [TLS] datacenter TLS decryption as a three-party protocol

2017-07-19 Thread BITS Security
> It seems like we would be rejecting a good opportunity to make what the > network operators want work in a better and more secure way, while making it > harder for passive observers and coercive authorities, to use the same > mechanism for other purposes. What do we gain? beyond a hollow