Re: [TLS] New Version Notification for draft-rhrd-tls-tls13-visibility-01.txt

Stephen Farrell <> Fri, 02 March 2018 22:07 UTC


With no disrespect to Russ or Ralph (but with zero
acceptance/respect for the main concept espoused by this

I request that the WG chairs not waste yet more time on
agenda items dealing with proposals for breaking TLS - a
working group that spends so many f2f hours (yes, hours,
multiplied by a few hundred travelling people in a room)
on ways in which the core purpose of the WG (read the
abstract of the tls1.3 draft if you doubt that) could be
subverted *by the WG itself* seems really really weird to

Enough, already.

Given the (lack of) potential for any of these (IMO bad)
ideas to garner rough consensus, I really think this would
be a *terribly* bad waste of f2f time and participant cycles,
no matter who proposes we waste time in that manner.

If time is regrettably granted for this yet again then I
also request time to propose not breaking TLS. (I don't care
if the presenter for that rebuttal slot is me or someone
else with the same views that the WG charter is clear that
the WG exists to make TLS better and not to break it.)

If a rebuttal slot is not considered appropriate then I
request a slot to help us reach consensus on whether or
not there's value in documenting the reasons to not break
TLS. (I believe the chairs agreed to try to figure out if
the WG has consensus that that'd be worthwhile a couple
of meetings ago, but we've not done that so far.)

To be clear: given a choice of (a) not wasting yet more WG
time on this and (b) another bun-fight with an inevitable
outcome - I prefer (a) but will engage in (b) as necessary
(and enthusiastically, whilst grimacing;-)


PS: That Russ requests a few minutes for an update does not
affect the above - I for one do not agree that this draft
ought to get any WG time and allocating a few minutes for an
update would IMO normalise what ought to be considered entirely
abnormal. The number of "proponent minutes this time" is not
a valid agenda-planning consideration IMO.

On 02/03/18 21:00, Russ Housley wrote:
> A few minutes at the TLS WG session in London have been requested to talk about this draft.
> Russ
>> From:
>> Subject: New Version Notification for draft-rhrd-tls-tls13-visibility-01.txt
>> Date: March 2, 2018 at 3:58:35 PM EST
>> To: "Ralph Droms" <>, "Russ Housley" <>
>> A new version of I-D, draft-rhrd-tls-tls13-visibility-01.txt
>> has been successfully submitted by Ralph Droms and posted to the
>> IETF repository.
>> Name:		draft-rhrd-tls-tls13-visibility
>> Revision:	01
>> Title:		TLS 1.3 Option for Negotiation of Visibility in the Datacenter
>> Document date:	2018-03-02
>> Group:		Individual Submission
>> Pages:		11
>> URL:  
>> Status:
>> Htmlized:
>> Htmlized:
>> Diff: 
>> Abstract:
>>   Current drafts of TLS 1.3 do not include the use of the RSA
>>   handshake.  While (EC) Diffie-Hellman is in nearly all ways an
>>   improvement over the TLS RSA handshake, the use of (EC)DH has impacts
>>   on certain enterprise network operational requirements.  The TLS
>>   Visibility Extension addresses one of the impacts of (EC)DH through
>>   an opt-in mechanism that allows a TLS client and server to explicitly
>>   grant access to the TLS session plaintext.
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at
>> The IETF Secretariat