[TLS] WG actions (was Encrypt-then-MAC again (was padding bug))

Juho Vähä-Herttua <juhovh@iki.fi> Thu, 05 December 2013 10:53 UTC

Return-Path: <juhovh@iki.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 5BECD1ADEBB for <tls@ietfa.amsl.com>; Thu, 5 Dec 2013 02:53:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 65HAoG-ic-9n for <tls@ietfa.amsl.com>; Thu, 5 Dec 2013 02:53:21 -0800 (PST)
Received: from gw01.mail.saunalahti.fi (gw01.mail.saunalahti.fi []) by ietfa.amsl.com (Postfix) with ESMTP id 705911ADF26 for <tls@ietf.org>; Thu, 5 Dec 2013 02:53:21 -0800 (PST)
Received: from [] (85-76-17-24-nat.elisa-mobile.fi []) by gw01.mail.saunalahti.fi (Postfix) with ESMTP id 46F4B151462; Thu, 5 Dec 2013 12:53:12 +0200 (EET)
Mime-Version: 1.0 (1.0)
From: =?utf-8?Q?Juho_V=C3=A4h=C3=A4-Herttua?= <juhovh@iki.fi>
Content-Type: text/plain; charset=us-ascii
X-Mailer: iPhone Mail (11B554a)
Message-Id: <79C48EEB-9FCE-4AE5-96C0-8AA2193A9354@iki.fi>
Date: Thu, 5 Dec 2013 12:49:33 +0200
Content-Transfer-Encoding: quoted-printable
To: Peter Gutmann <p.gutmann@auckland.ac.nz>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: [TLS] WG actions (was Encrypt-then-MAC again (was padding bug))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2013 10:53:23 -0000

> On 5.12.2013, at 5.24, Peter Gutmann <p.gutmann@auckland.ac.nz> wrote:
> Eric Rescorla <ekr@rtfm.com> writes:
>> This topic was discussed at the TLS WG meeting in Vancouver (since you 
>> declined to attend,
> In any case the WG consists of people on this mailing list, not a select 
> few folks in some back-room in Vancouver.

I think the accusation of intentionally organizing meetings so that some members cannot attend might be better handled outside this list, since it sounds a bit personal.

However, I think the comment above about who is a memer of the WG is valid. I would like to put a bit of emphasis on what RFC 2418 says.

"All working group actions shall be taken in a public forum, and wide participation is encouraged. A working group will conduct much of its business via electronic mail distribution lists but may meet periodically to discuss and review task status and progress, to resolve specific issues and to direct future activities."

Unfortunately I haven't had a chance to take part in any of the face-to-face meetings, so my views are purely from mailing list perspective. The mailing list has extremely good discussion and interesting points, but I get the feeling that many decisions are coming from the "top" (face-to-face meetigs) down here.

When people meet regularly and know each other well, they will share more views, this is inevitable. However, IMHO minimizing the gap between the mailing list and meetings, and facilitating communication both ways should be one of the top priorities of WG chairs. 

Finding ways to get reliable votes instead of vague second hand summaries might be a good way to resolve these conflicts. All it would take in its smallest form would be to open a thread at the list for voting (with no discussion, it should be mostly done at this point), give a certain timebox for the voting and conclude the results on the list. This could be then taken to the face-to-face meetings.

Does someone know why we don't do this?