Re: [TLS] TLS@IETF101 Agenda Posted

Ryan Sleevi <> Wed, 14 March 2018 23:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EC516126CF6 for <>; Wed, 14 Mar 2018 16:30:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.01
X-Spam-Level: *
X-Spam-Status: No, score=1.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_L4=2.999] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OfUwzo1JTNgT for <>; Wed, 14 Mar 2018 16:30:50 -0700 (PDT)
Received: from ( []) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2EE00124D68 for <>; Wed, 14 Mar 2018 16:30:50 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 5A2661406B3C for <>; Wed, 14 Mar 2018 16:30:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type;; bh=UG4rvAqQ5sY7ADZk8stlKqYRmeo=; b= Up0kpXiz6wjVOWxiZzT2Inek8QrgrfIrf2Ptftw1uznqX7em9cIqumA0+9DgD0rn C5tczZP8DHmRCuwL+tV/IZFSENPPeKhMdxFtO1RLcfmuHfbEHoZhKgPsGBbNJZvG wU2QWy2lYn5f2XdOdyitvn0lMwoWNAXnhdpsf4OILGo=
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 2DEA41406B2F for <>; Wed, 14 Mar 2018 16:30:49 -0700 (PDT)
Received: by with SMTP id d13-v6so6759911itf.0 for <>; Wed, 14 Mar 2018 16:30:49 -0700 (PDT)
X-Gm-Message-State: AElRT7Ea5u3Y4ntHip4KRvK66wtBHjgJ6F6exLG60LZHoOATfsfQbnV6 zafa1VWijJhOaHFJI8jzhTWMWDKnGHxZ8lvOBFA=
X-Google-Smtp-Source: AG47ELvz5op+TJQCnj9s/+9J4dO6GwuRvk2a9SDof5wUF6qch0ik+QNeMTG06+12Or9WaOINcvl7g5J/d2JQbsCo5bw=
X-Received: by with SMTP id j195mr4042984ite.1.1521070248395; Wed, 14 Mar 2018 16:30:48 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 14 Mar 2018 16:30:47 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Ryan Sleevi <>
Date: Wed, 14 Mar 2018 19:30:47 -0400
X-Gmail-Original-Message-ID: <>
Message-ID: <>
To: nalini elkins <>
Cc: Ryan Sleevi <>, Andrei Popov <>, "<>" <>
Content-Type: multipart/alternative; boundary="94eb2c0efbbad58bd2056767c35c"
Archived-At: <>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 14 Mar 2018 23:30:52 -0000

On Wed, Mar 14, 2018 at 7:17 PM, nalini elkins <>

>>    - > Nalini, why don't you (the consortium) define the standard, then?
>> > Indeed, if a “TLS13-visibility” standard has to be defined, it would
>> make sense for the consortium (rather than the TLS WG) to define it.
>> I completely disagree.   Here is why I would not prefer that route:
>> 1.  Multiple standards are likely to diverge.
>> Take the case of India, we have over 700 dialects.  Many of them started
>> with the same root language.  It has gotten so villages 10 miles apart
>> cannot talk to each other.  We use English (a clearly non-native language!)
>> to communicate.
>> I could see the same happening with TLS and Consortium-TLS.   Not a happy
>> thought for interoperability.
> >Why is there any need for interoperability between TLS and
> Consortium-TLS? TLS is designed to be secure and reliable, and it's clear
> that Consortium-TLS finds such goals problematic. Yet I fail to see why
> that's a problem, since the claimed goal >is that Consortium-TLS would only
> be used within a single enterprise/datacenter, and thus would never need to
> interoperate with a world that valued security and privacy.
> Enterprises value security and privacy.   They have a different job to
> do.  What they are trying to do is to protect against leakage of data, do
> fraud monitoring, protect against malware and many other things.   When
> this gets into the medical arena, it can even be lives.  I don't even see
> how you can say what you are saying.
> Let me ask you then, what are the use cases you find to be valid?  Saying
> that enterprises don't value security and privacy is really not terribly
> useful to resolving any discussion.

Isn't it the core of the discussion though? Whether the enterprise case -
which understandably and fundamentally weakens the security assurances,
both to servers and to clients - is justified, given the ecosystem risk it
poses? And the specific proposals, as demonstrated, have negative impacts
both in the design and deployment of TLS.

Given that, and given the ample discussion on-list motivating PFS, and
given the stated reasoning, it doesn't seem that "inter-protocol
interoperability" is necessary nor desirable. It's true that enterprises
don't value the same security and privacy properties that have been
discussed on the list - we wouldn't be having this discussion if that was
not the case. This isn't unproductive or not useful - this is based on the
statements from those advocating for the weakening of security of the

As such, the need for interoperability is not a goal that's supported by
the discussion to date, and thus the concerns - that TLS and consortium-TLS
would diverge - does not seem supported by the arguments. So I do hope you
can answer - why is interoperability between TLS and Consortium-TLS
necessary, given that the use cases to date of Consortium-TLS state they'll
be limited to the enterprise or datacenter, for which the only
interoperability concerns that arise are between devices supporting
Consortium-TLS, which by speccing in a Consortium as suggested, you could