Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Ted Lemon <> Fri, 20 October 2017 14:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4FF3313339A for <>; Fri, 20 Oct 2017 07:08:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r6t5WgqiTZx4 for <>; Fri, 20 Oct 2017 07:08:48 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7C2C1132C3F for <>; Fri, 20 Oct 2017 07:08:48 -0700 (PDT)
Received: by with SMTP id b15so14428876qkg.9 for <>; Fri, 20 Oct 2017 07:08:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=N2YGfET3HehIYcjSpYN13KPcooV1/Ogi7w/JdTRDk+Y=; b=QDDwM7+M9jPbXXYD0ZTEh9btfK7xurI/OPMgKMZDA9z5iu5aeIkVE1p0JU7WBFQmwq KpIqJTn++nio6XC8vHT13gFAvc+jbQZvt2VvtVkYKjVlkjBrA/BFSCFO9gVC2R5PthcV sFkGOyrr88JEkpnIzJsGSSOTQXjQ+2RtFMRRTYnL/E4BLPvmjXk83QTgjCrjua0kNFHl jzGSaZkrSf5Dd8ekyKkcIYLfJ3W9q2wa9l6rZg8UxrdHflaE8ds3MPvkvE4o6NswZtYJ Q7SUqNFz8Uepho+HseOtBsPhljwdmc6i9k8mQqbLyLjn9YhQMY/c3/Nr2q6extU0PBYp fEoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=N2YGfET3HehIYcjSpYN13KPcooV1/Ogi7w/JdTRDk+Y=; b=U91p1KGYEJlJARoBKBbMRTzCyQhT4rOd0vnl2fMtVR7DbmTNoRADlI18sKA6vF+ZMy B3aKq7//OXJufm45vLzg3cNi3DM/D9gGzLlTflSiuT2147aKtRJ85X01FLRiCjl30iLJ wJHXbNZOWePoVX2cxw7/FyS85Ydb984VrI6EjGWyFdwcvfVzC1funZXXEkg3RKMa3W1O UWYJrrkMibjQO7fxcocHNy/YUlHjZYb8D7lfRXV4xkpN3T4Tmm/IUIkfvVMvcqSwnLzn HF+ewoGCtCGw6hCgCE93RDJwrAfdUA9HIe7Gry+RqXezcnuWlw/aorHDTu+BaLMBd4/R WTCg==
X-Gm-Message-State: AMCzsaW2iiQYxI2z1WTLd0b7rRICPHCtWzLtwcoi6WI8VPmEDJWnPg+I CgSkKRhEP6r03TXzt/Ye5jxWtw==
X-Google-Smtp-Source: ABhQp+SqGYdP4hiIEkngD/iz+fIJQzCA2E3GVNIq1qngaTTpBq0SRJZnHrPeFgaQhnyQbfbKR30tIA==
X-Received: by with SMTP id c189mr7250892qkf.211.1508508527540; Fri, 20 Oct 2017 07:08:47 -0700 (PDT)
Received: from cavall.lan ( []) by with ESMTPSA id v30sm639387qtg.88.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Oct 2017 07:08:46 -0700 (PDT)
From: Ted Lemon <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E291C3C7-0089-4B6E-9D28-2C1ED3111FB5"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 20 Oct 2017 10:08:44 -0400
In-Reply-To: <>
Cc: "Salz, Rich" <>, Darin Pettis <>, "" <>
To: Stephen Farrell <>
References: <> <> <> <> <000501d348e5$1f273450$5d759cf0$> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3273)
Archived-At: <>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 20 Oct 2017 14:08:50 -0000

On Oct 20, 2017, at 9:54 AM, Stephen Farrell <>; wrote:
> Others did
> comment that the lack of client opt-in was a
> bad aspect of draft-green, but I'm not sure
> that anyone clearly said "I do want draft-green
> snooping, but with client opt-in."

I can say for myself that there was a really strong hard sell on the notion of doing this in Prague.   Not being sufficiently paranoid, my general sympathy for people facing hard problems led me to consider what they were proposing, but each time they came up with something, someone with more paranoia fu than I have pointed out a hole in it.   During that period there were several periods when I was reluctantly willing to consider some less-bad version of draft-green.   This is a long way from "want," and even a pretty long way from "support."

My personal feeling having been peeled off the herd and hard-sold like this is that there is some really powerful motivated reasoning going on here, and that the working group should just stop entertaining this process.   Weakening TLS is not the right way to approach the problem that has been described here.

I hasten to add that I don't think the people doing the hard sell are bad people, or that they didn't have good reason for trying to do it.   My point is simply that we've been collectively sucked close to a black hole here, and we need to take a step back from it.   In the same sense that LEOs who want key escrow have good reason for wanting it and are not bad people for wanting it, so too with the people pushing this proposal.   But like key escrow, this proposal is not beneficial for end-users or for security as a whole.

In order for it to make sense to go forward with this proposal, two things would have to be true that I don't think are true.   First, we would have to agree that user security is not a primary goal.   And second, we would have to agree that overall network security is not a primary goal.   Discussing the details of how much security we are willing to give up, what attack surfaces that we could remove we are willing to leave in, only makes sense if we are willing to drop those two primary goals.

Watching this conversation has been a really good learning experience for me, so I don't regret it, but I think we should stop.