Re: [TLS] TLS@IETF101 Agenda Posted

[nalini elkins <nalini.elkins@e-dco.com>]

Stephen,

>So it doesn't really help the discussion to claim that
>such-and-such a (set of person(s) is/are good actors - we do
>assume that, but also that there are others who would like
>the same changes to happen who do not share the IETF's goals
>of making Internet security better as far as we can.

You know, I actually find myself in agreement with some of your points (not
all!)

I lived for a number of years in a country which was a military
dictatorship with no freedom of speech.  I am well aware of what some
people who want to hang on to power at all costs and place no value on
human life are prepared to do to others.  And, their power can be
multiplied and further weaponized with the Internet.

I know that you and many others in the TLS WG are saying what you are
saying because you are trying to protect others who cannot protect
themselves.   I know.  I respect that.  I spent two of the happiest years
of my life in sub-saharan Africa in the Peace Corps.  I totally get the
point of view of trying to help people and keep them safe.

But, it is a very difficult issue.   If I can use a different analogy, if
the City of Monterey built a new sewer system and told me that to connect
to it, I had to build a new house, I would scream!

TLS is used in many, many places.  The Internet is critical to the
businesses of the world.   You can't just say use something other than
TLS.   Or don't use the Internet.  It's not so easy.

I wish we could actually talk to each other quietly and reasonably.  This
is a very, very difficult problem.

Nalini






On Wed, Mar 14, 2018 at 4:16 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
>
> On 14/03/18 23:00, nalini elkins wrote:
> > The simple explanation is that people think they will have serious
> > issues with TLS1.3 and actually, TLS1.2 when it is DH only.
>
> Of course some people who are used to MitMing connections will
> have problems and will have to change.
>
> But that does not mean that their problems ought to be solved
> by any change to TLS.
>
> IMO the costs to the broader Internet of breaking TLS like that
> are far too high to optimse for these folks. It's understandable
> that they'd prefer otherwise.
>
> People with such problems should IMO look elsewhere for
> solutions and not be fixated on breaking TLS.
>
> Lastly, bear in mind that even if the people with whom you
> are dealing have the best intentions, there really are people
> who are paid large amounts of money to weaken Internet security
> (see [1] for scant detail of just one country's efforts in
> that regard) and that we have IETF consensus to oppose such
> efforts, as far as it's in the IETF's remit to do so.
>
> So it doesn't really help the discussion to claim that
> such-and-such a (set of person(s) is/are good actors - we do
> assume that, but also that there are others who would like
> the same changes to happen who do not share the IETF's goals
> of making Internet security better as far as we can.
>
> S.
>
> [1] https://en.wikipedia.org/wiki/Bullrun_(decryption_program)
>



-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com