Re: [TLS] chairs - please shutdown wiretapping discussion...

Stephen Farrell <> Mon, 10 July 2017 19:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EB84113188A for <>; Mon, 10 Jul 2017 12:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WZz7Qr-IMMep for <>; Mon, 10 Jul 2017 12:29:32 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4D57E131866 for <>; Mon, 10 Jul 2017 12:29:31 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id EABE9BE38; Mon, 10 Jul 2017 20:29:29 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QAqliOAvuyYc; Mon, 10 Jul 2017 20:29:28 +0100 (IST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 1EB0DBDCC; Mon, 10 Jul 2017 20:29:28 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1499714968; bh=oD67jyYpPbHLYUU5eQHCjx31rPUjzoLc1V72BGzS01A=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=A6ue9Mstg2B1pkThoRYTT5qeNCJDMs7aCxDsPOdJBas6XP7cSz0xiQoz2qhuFY1iw X7X209r8swweVGJmEv7DkYgPCrQotWzC5p0lLjtF68OZ78sg/b2rG5ikA48g7j8E2G WS+4GcSrjLCoAjC3SdpPqo9jjTBelyV8FVW1uwBM=
To: Sean Turner <>
Cc: TLS Chairs <>, "" <>
References: <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Mon, 10 Jul 2017 20:29:26 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="borphw5ls8GrlWiI8RCgCQ2OKBSoSjAhE"
Archived-At: <>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 10 Jul 2017 19:29:35 -0000

On 10/07/17 17:57, Sean Turner wrote:
> Stephen,
> After some discussion amongst the chairs, we have decided to not shut
> down the discussion about draft-green-tls-static-dh-in-tls13.  

Ok, that's your call. But a bad call IMO.

This topic, if not the specific draft, was already the subject
of significant debate during which the use of static DH values
was raised. I think you are putting the WG participants through
repetitive calls here for no good reason. (The fact that a -01
was emitted and new authors added is not IMO a good reason.)

So I'd ask that you review the previous related threads and
consider again if the basic idea behind this hasn't already
been rejected by the WG in the recent past.

In text below I'll assume you do that but decide to have an
adoption call nonetheless (though I hope you review the mail
archive and decide to reconsider).

> We are
> not shutting down this discussion because this topic is relevant to
> the constituents on both sides of the issue in the working group and
> there is a concrete proposal to discuss. 

That seems to me to be a recipe for whack-a-mole - we have seen
these break-tls proposals over and over and handling it your way
seems like it'll encourage more of 'em.

> Now that we know the
> authors are going to ask for WG adoption, the resulting working
> group's consensus or lack of consensus on this approach will be
> useful information for other discussions that will happen in the
> broader IETF community regardless of the outcome.  

I have no idea of the process problems that that'll create if
the WG go crazy and decide to adopt this despite it conflicting
with 2804 and given all the inevitable follow up wiretapping
additions that'll be proposed for quic and pretty much everything
else, if the TLS wg are seen to "fold." Seems like a recipe for
lots of confused process lawyering to me, but hopefully that'll
not turn out to be an issue.

> Further, we intend
> for consensus on the issue to be called quickly.

I'm against it:-)

> We also do not believe that this discussion is derailing the TLS1.3
> draft, we are consistently surprised by the WG’s bandwidth and the
> draft is out for a 2nd targeted WGLC.  As far as DTLS1.3, the
> specification is coming along but is not at a critical point where we
> believe this discussion will greatly detract from its development.

You did not respond about the Prague agenda. I continue to ask that
you not give this bad idea more f2f time. If you do give it time,
then I'd ask for equal time to debunk this bad idea. But better to
have zero time.


> J&S
>> On Jul 8, 2017, at 05:17, Stephen Farrell
>> <>; wrote:
>> Sean/Joe,
>> This is a request that you, as chairs, shut down the distracting 
>> wiretapping discussion, at least until DTLS1.3 is done.
>> I have planned to spend time reading draft 21 and DTLS, but that 
>> won't happen if we keep having to fight off the latest attempts to
>> break TLS. I'd not be surprised if I weren't the only one finding
>> that distraction an irritating waste of time. Finishing TLS1.3 and
>> getting DTLS1.3 on the way surely needs to not be constantly
>> de-railed by these attempts to break TLS.
>> Therefore I'd ask that you declare this discussion closed for at 
>> least that long (i.e until DTLS1.3 is done).
>> I'd also ask that you not allocate agenda time for wiretapping in
>> Prague.
>> Thanks, S.
>> _______________________________________________ TLS mailing list