Re: [TLS] TLS@IETF101 Agenda Posted
nalini elkins <nalini.elkins@e-dco.com> Wed, 14 March 2018 23:32 UTC
From: nalini elkins <nalini.elkins@e-dco.com>
Date: Wed, 14 Mar 2018 16:32:25 -0700
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Artyom Gavrichenkov <ximaera@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Xek74XNhKY9Kt1Ak3F2x7kuDNZI>

Stephen,

>So it doesn't really help the discussion to claim that
>such-and-such a (set of person(s) is/are good actors - we do
>assume that, but also that there are others who would like
>the same changes to happen who do not share the IETF's goals
>of making Internet security better as far as we can.

You know, I actually find myself in agreement with some of your points (not all!)

I lived for a number of years in a country which was a military dictatorship with no freedom of speech. I am well aware of what some people who want to hang on to power at all costs and place no value on human life are prepared to do to others. And, their power can be multiplied and further weaponized with the Internet.

I know that you and many others in the TLS WG are saying what you are saying because you are trying to protect others who cannot protect themselves. I know. I respect that. I spent two of the happiest years of my life in sub-Saharan Africa in the Peace Corps. I totally get the point of view of trying to help people and keep them safe.

But, it is a very difficult issue. If I can use a different analogy, if the City of Monterey built a new sewer system and told me that to connect to it, I had to build a new house, I would scream!

TLS is used in many, many places. The Internet is critical to the businesses of the world. You can't just say use something other than TLS. Or don't use the Internet. It's not so easy.

I wish we could actually talk to each other quietly and reasonably. This is a very, very difficult problem.

Nalini

On Wed, Mar 14, 2018 at 4:16 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

>
>
> On 14/03/18 23:00, nalini elkins wrote:
> > The simple explanation is that people think they will have serious
> > issues with TLS1.3 and actually, TLS1.2 when it is DH only.
>
> Of course some people who are used to MitMing connections will
> have problems and will have to change.
>
> But that does not mean that their problems ought to be solved
> by any change to TLS.
>
> IMO the costs to the broader Internet of breaking TLS like that
> are far too high to optimise for these folks. It's understandable
> that they'd prefer otherwise.
>
> People with such problems should IMO look elsewhere for
> solutions and not be fixated on breaking TLS.
>
> Lastly, bear in mind that even if the people with whom you
> are dealing have the best intentions, there really are people
> who are paid large amounts of money to weaken Internet security
> (see [1] for scant detail of just one country's efforts in
> that regard) and that we have IETF consensus to oppose such
> efforts, as far as it's in the IETF's remit to do so.
>
> So it doesn't really help the discussion to claim that
> such-and-such a (set of person(s) is/are good actors - we do
> assume that, but also that there are others who would like
> the same changes to happen who do not share the IETF's goals
> of making Internet security better as far as we can.
>
> S.
>
> [1] https://en.wikipedia.org/wiki/Bullrun_(decryption_program)
>

--
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com