Re: [TLS] chairs - please shutdown wiretapping discussion...

Stephen Farrell <> Tue, 11 July 2017 19:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 51E821317B7 for <>; Tue, 11 Jul 2017 12:31:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BP6Bkt2r2Foo for <>; Tue, 11 Jul 2017 12:31:37 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3040613175A for <>; Tue, 11 Jul 2017 12:31:36 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id C03B6BF2E; Tue, 11 Jul 2017 20:31:34 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nST81AR5aM6n; Tue, 11 Jul 2017 20:31:33 +0100 (IST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 7232ABF27; Tue, 11 Jul 2017 20:31:33 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1499801493; bh=uD/JFea/WUkuYHsS28qOlrp7+nglBi1WGtBy6y8j2Gw=; h=Subject:To:References:From:Date:In-Reply-To:From; b=OsXVtpOOyiSFXVqRpT7FDxr6q4vl+T5566DEGYsEd34IQ7R9ryEKA7ewxDL/C9xNx Nr5hvanth+KKtsuexPMG7MMrP+3n1lkn3I+gupSbzlNp1msDSsdp1gytbYBjMjdewX /4MRiEK1s2J8Wbme4zPmMOf+jIQxVDksoUAD2Orc=
To: Michael StJohns <>,
References: <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Tue, 11 Jul 2017 20:31:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7XqdMEJsF1eJsLnqUvMkjkD7qdiVV4xTB"
Archived-At: <>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Jul 2017 19:31:39 -0000

On 11/07/17 20:01, Michael StJohns wrote:
> Basically, 2804 is woefully out of date with respect to the current
> state of the world.

As I said before I do think the authors of this draft should
indeed have said that it needs to obsolete 2804 as that is
required for them to get the standards track status that they
requested in the draft header.

I also think that's going about things arseways - if 2804 needs
to be updated, that should happen first.

And for the current discussion, if the WG consensus is (as it
ought be) to not adopt this draft based on 2804, then there is
an IETF-level (and not TLS WG level!) question as to how to
handle drafts that are inconsistent with 2804 - ISTM that 2804
only envisages those being sent to the ISE and not being IETF
work items at all, otherwise the IETF would indeed be developing
wiretapping specifications which is clearly and obviously not
what 2804 says. And that matches my recollection of the debate
at the time, but I've not gone back to the raven archive to
check. (And 2804 pre-dating RFC streams won't help there I'm
sure in terms of clarity.)

So I'd also object to this WG attempting a supposed "compromise"
of pursuing an informational RFC as a work item. Doing do would
create an almost certainly huge but repeated debate on this
aspect during such a WG process and during IETF last call. That
specific question could maybe be figured out via an IESG note,
and might not need a full-on 2804bis debate, not sure.

No doubt such a debate would be a non-trivial undertaking, but
if we could reach a new consensus on a 2804bis that strengthened
Internet security and privacy, that would be a good thing. (I'm
not sure if folks would really be up for that though.)