Re: [TLS] chairs - please shutdown wiretapping discussion...

Michael StJohns <> Tue, 11 July 2017 19:01 UTC


On 7/10/2017 3:38 PM, Stephen Farrell wrote:
> On 10/07/17 17:42, Colm MacCárthaigh wrote:
>> It's clear that there is a strong distaste here for the kind of MITM being
>> talked about
> It is not (only) "distaste," it is IETF policy as a result of
> a significant debate on wiretapping.

It is a policy some 17 years ago promulgated with respect to some very 
specific layer 9 threats and was pretty black and white.   In 17 years 
we've gone from workstation class systems homed to application class 
servers to smart phones and the cloud.  The SNI RFC was still three 
years out and strangely all the privacy stuff we're worried about now 
wasn't even part of the security considerations.  TOR was still a DOD 
project.  Basically, 2804 is woefully out of date with respect to the 
current state of the world.

What this discussion has shown me is that we probably a) need to take 
another look at 2804 with a view to updating it with respect to the 
IETF's general views on persistent threats of all kinds, b) need to have 
whatever revision we make of 2804 provide for the concept that the owner 
of the data is not necessarily the sender/receiver of the data and has a 
vested interest in being able to control the flow of that information or 
protect themselves against persistent system threats (e.g. masked 
attackers) implicit in protecting against persistent privacy threats, 
and c) follow the general IETF model of not reading each and every word 
in any given RFC as if it were immutable truth handed down for all 
eternity and trust that we can - if we have the discussion - find a way 
forward through consensus building not bullying.

Later, Mike

> S