Re: [TLS] TLS@IETF101 Agenda Posted

Stephen Farrell <> Wed, 14 March 2018 23:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9797E126CF6 for <>; Wed, 14 Mar 2018 16:16:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FOLP0WC6ofc8 for <>; Wed, 14 Mar 2018 16:16:35 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 423B2126CD6 for <>; Wed, 14 Mar 2018 16:16:34 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id E56A0BE4D; Wed, 14 Mar 2018 23:16:32 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Wo6qdVlraDMq; Wed, 14 Mar 2018 23:16:31 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTPSA id 56F84BE24; Wed, 14 Mar 2018 23:16:31 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1521069391; bh=En51GRRflYxzSMJllUfa3AcoZ6IKp9VLaZI+0PYMPB0=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=hX6TqX0ey6zQJdMpShzqwS1rMtrGlpyLNMK7ZnaI9BeQHulbyoQSNWwsIGUIA1Wnq 9OYwWZtRVhy53eDlyPK0qdXMz3QUvruGJQg3ODsRI1Xs9LWPYyk1XxdswJzEhsGlCS TUzyk9elp3k2qLBYYf4hLIL+Mko4OGBfIEBfg/nk=
To: nalini elkins <>, Artyom Gavrichenkov <>
Cc: "<>" <>, Benjamin Kaduk <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <>
Date: Wed, 14 Mar 2018 23:16:30 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="tg549xWFfd8m2ZQs8gweW3bra4WBjX2rv"
Archived-At: <>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 14 Mar 2018 23:16:37 -0000

On 14/03/18 23:00, nalini elkins wrote:
> The simple explanation is that people think they will have serious
> issues with TLS1.3 and actually, TLS1.2 when it is DH only.

Of course some people who are used to MitMing connections will
have problems and will have to change.

But that does not mean that their problems ought to be solved
by any change to TLS.

IMO the costs to the broader Internet of breaking TLS like that
are far too high to optimse for these folks. It's understandable
that they'd prefer otherwise.

People with such problems should IMO look elsewhere for
solutions and not be fixated on breaking TLS.

Lastly, bear in mind that even if the people with whom you
are dealing have the best intentions, there really are people
who are paid large amounts of money to weaken Internet security
(see [1] for scant detail of just one country's efforts in
that regard) and that we have IETF consensus to oppose such
efforts, as far as it's in the IETF's remit to do so.

So it doesn't really help the discussion to claim that
such-and-such a (set of person(s) is/are good actors - we do
assume that, but also that there are others who would like
the same changes to happen who do not share the IETF's goals
of making Internet security better as far as we can.