Re: [TLS] Fwd: I-D Action: draft-lemon-tls-blocking-alert-00.txt

Brian Smith <> Tue, 07 June 2016 20:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3CE6E12B02A for <>; Tue, 7 Jun 2016 13:05:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nOKZmBmD8k_V for <>; Tue, 7 Jun 2016 13:05:21 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9413A12D14D for <>; Tue, 7 Jun 2016 12:55:59 -0700 (PDT)
Received: by with SMTP id z123so105523090itg.0 for <>; Tue, 07 Jun 2016 12:55:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=Jm53TEr7NpJ4gSMfj/OHuX6Q53fPyABLVwBH4nQN3S4=; b=hm+RywB4VnQeHHIBJAE7e8LKSpHioUr64JcScdjYQGViccPmxFlYBSlqCQpvOkwxlf y3V5AVf2lOo5V0mDtTzgOc0RH615bD4ssQMre0F7VN0wPsSb+UNAPPV/qTsPECwwcfuv 8W3Zs5YCQDMTUNOZ5ldJ+Bl9IMF1Hyrip5XsBxdq67/G7JbePQN00fySwLH9jAky6n96 JbtVrOviOMPWNB8xTwUvbGbEvSf9DLCCq7fGFlYNit9ikeI4aClcs3FbEC7Ufy5yIg2E Z8P3IZ3XmWWRD+HElKrVhr+kIiWHeGEHq9ztPLSvboyUfNY3tv2hSt2bQLrnhe3Pha9l R+pA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=Jm53TEr7NpJ4gSMfj/OHuX6Q53fPyABLVwBH4nQN3S4=; b=h8jjxRm+2NfX/EILpaA2NN5Fex5aXtSm1Gk3l//eUsz4+wONXSvnB4zelMjl4S16HA NYo8rfUpfOd7Pnt6ifxu8iN8D0TyFd4dQtmGoBZB7Jrlfhtg40SboKQXJLfr9ribDEX3 AqLnrU7yJSP0NAiLqRL4+6XfvnvR8sTipVGLVw0LbC0Pvzv+AWasWegC9vFHM7/c8sbG gaVdXYIeIUpBWxjozzGWvMrMg6MQLSKgtfOFbdAeA+JyU2uXn/3qWfZ6QpiY9+Bqaq5W zMCNrAgmHFwNIDUQiHu4Pfl0GG/rVErzFuoHqIiovFgxqvMJXxPqRjMbDAetIH+e8Xcp +xVA==
X-Gm-Message-State: ALyK8tL1/RlIt03TsAvetXrMME6qQgFf3qR0HrXPZSyw0ig7JfMidwUX737MyBHuF7r5j+VAGzUdNIfr0mDLgw==
MIME-Version: 1.0
X-Received: by with SMTP id 75mr2449181iok.51.1465329358875; Tue, 07 Jun 2016 12:55:58 -0700 (PDT)
Received: by with HTTP; Tue, 7 Jun 2016 12:55:58 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Tue, 7 Jun 2016 09:55:58 -1000
Message-ID: <>
From: Brian Smith <>
To: Ted Lemon <>
Content-Type: multipart/alternative; boundary=001a113f89b4ea51ff0534b593a3
Archived-At: <>
Cc: "<>" <>
Subject: Re: [TLS] Fwd: I-D Action: draft-lemon-tls-blocking-alert-00.txt
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Jun 2016 20:05:22 -0000

On Mon, Jun 6, 2016 at 7:21 AM, Ted Lemon <>; wrote:

> I've posted a new document to the datatracker that adds some TLS alert
> codes that can be sent to indicate that a particular TLS request has been
> blocked by the network.   This attempts to address the problem of notifying
> the user of what went wrong when a site is blocked, without creating a
> channel that can be used by a hostile network to attack a user.

This is a bad idea in general, and we shouldn't do things like this.

Standardizing and implementing things like this signals, politically, that
we accept and even encourage censorship like we see in China and many other
places already in the world. That, on its own, makes this a non-starter.

The inconvenience, confusion, and unreliability of current methods of (not)
notifying the user about the filtering is a strong disincentive towards
people thinking about deploying filtering that is abusive.

Perhaps there is some kind of filtering that isn't abusive, but IMO the
gain from improving that doesn't outweigh any loss, politically or
otherwise, from, intentionally or unintentionally supporting the abusive