Re: [TLS] chairs - please shutdown wiretapping discussion...

Kyle Rose <> Wed, 12 July 2017 14:35 UTC


On Wed, Jul 12, 2017 at 10:22 AM, Ted Lemon <> wrote:

> On Jul 12, 2017, at 10:18 AM, Kyle Rose <> wrote:
>> We need to dispel the myth that mere inaction on our part will on its own
>> prevent implementation of these mechanisms, if for no other reason but to
>> redirect energy to the political arena where the pervasive monitoring
>> battles *are* actually fought.
>
> Inaction on our part will prevent the code from going into the common
> distributions. That's not worthless.

Which will have zero impact on pervasive surveillance until some government
decides they want to use this mechanism or something like it and mandates
that it be implemented universally within their borders. Then it will
appear in short order, even if the government has to hire their own code
monkeys to do it, at which point it will continue to have zero impact on
pervasive surveillance.

Again, I'm not recommending any TLS distribution implement this, only that
we stop fooling ourselves into believing that refusing to standardize a
mechanism like this will prevent one from being implemented when someone
decides they want it.

This is fundamentally different from the question of standardizing
potentially privacy-violating protocol extensions that need to survive
end-to-end on the internet to be useful to the third party: this entire
functionality can be implemented at a single endpoint without anyone else's
permission or custom interop.