Re: [TLS] TLS@IETF101 Agenda Posted

Stan Kalisch <stan@glyphein.mailforce.net> Thu, 15 March 2018 15:04 UTC

Return-Path: <stan@glyphein.mailforce.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3F7B12D87C for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 08:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailforce.net header.b=j02JbOyc; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mMMTulvH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dOgop8PmUQFL for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 08:04:48 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0F64124D6C for <tls@ietf.org>; Thu, 15 Mar 2018 08:04:48 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id ECD1820D87; Thu, 15 Mar 2018 11:04:47 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Thu, 15 Mar 2018 11:04:47 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailforce.net; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=pNOT6FACyAOJfI9pP qWa/jdseOXvjVNotRyw7t47nno=; b=j02JbOyctu34jSsATmTSn1vt0i+didqQa BVSkeOvbl361aQES8cCwiVdKRk8bP0agLPqfvapYuGg/yuTGDYgit7JO/FX0yy7m punHE8LRL6r2tuABfDzXNNxoG5zhIAd+L0hvc4/n+EWTY13UQZWIrTerGoQ2rxUJ ESenUrE5XG0x0UZ+7Vb0+sNxfA5t4xAxq9ov3NI82j7Oh/NmChiMvGUXRXC8sBUV +g1bwNItouXCIjuEyH38PiAniGYfj4oQYge4GCueeicQRCapW2WnM0hzrQ2HvnNF Ui8AWhUNPUdy3JHuZ0f13InWc/k3VAh1/xAa/ZHCTw8Ob6GndM97Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=pNOT6F ACyAOJfI9pPqWa/jdseOXvjVNotRyw7t47nno=; b=mMMTulvHdhb/NDPT2+lGRj Gbco1BuQoSxWWKkSuK4lX6I/3lzJzoAhVg1Mpxv0iscCQwowvbaDnf91X9zdim+V lc3ZD9yaJFpkX13Vumqjw1DHP0WXOlM4T6axQEB8yRceRMk1uVA6A3IfYVJmJkYb 4+JooUu/rmkz171mC043OUlFZL2fEHBWlVhc4sbfuTHmE4GguVxUoWvDliVkfpGP cJRPShuXH5O635D5ZcK6dJYAGTdu3iYvQdehqn+lTcQjsyvQ3TWMM+Y12qCY9cn/ mlE+foF6DuAnPJQPVTVLsrc6NuCyryn0dA6a48yP05NDEsHksWRgYo3lM7YHlMPA ==
X-ME-Sender: <xms:j4uqWnFFCv_7yfgQItDmnzsQdd0orPGtm93DcpInDI2OIKw-pEkmXA>
Received: from [192.168.1.71] (108-84-31-27.lightspeed.tukrga.sbcglobal.net [108.84.31.27]) by mail.messagingengine.com (Postfix) with ESMTPA id 9DD5E7E263; Thu, 15 Mar 2018 11:04:46 -0400 (EDT)
References: <6140B7A6-A1C7-44BC-9C65-9BE0D5E1B580@sn3rd.com> <986797a7-81b0-7874-5f39-afe83c86635b@cs.tcd.ie> <CAOgPGoBYc7O+qmjM-ptkRkE6mRsOYgc5O7Wu9pm3drFp3TVa6Q@mail.gmail.com> <d7dfdc1a-2c96-fd88-df1b-3167fe0f804b@cs.tcd.ie> <CAHbuEH7E8MhFcMt2GSngSrGxN=6bU6LD49foPC-mdoUZboH_0Q@mail.gmail.com> <1a024320-c674-6f75-ccc4-d27b75e3d017@nomountain.net> <2ed0gc.p5dcxd.31eoyz-qmf@mercury.scss.tcd.ie> <d7ec110f-2a0b-cf97-94a3-eeb5594d8c24@cs.tcd.ie> <CAOgPGoDpreyWcaLG_bMvEmMk1KvMQEGhXB+Ro+f1BKf3p_DxOA@mail.gmail.com> <4e1ab8ca-e977-7273-358b-3df3670d0ee5@cs.tcd.ie> <D1FFA72D-28B8-4435-B069-5EE1563E26B2@fugue.com> <CALZ3u+Z6DWMwKF6eoDJ2h5ABRGpeYrqZUyesnYhHP5g1d8rQ1Q@mail.gmail.com> <CAPsNn2Xtkjzkvwhmr6ZYvZ+VqjDFnnKM4QvqKVkXvt+WHZ4iJw@mail.gmail.com> <dabb224c-f679-2bf9-77f7-44c905b9887d@cs.tcd.ie> <CAPsNn2W-YQpwq_W_G0M5LZRnmN=DoG-Ufmcz-Kf-HQN_ckKSmg@mail.gmail.com> <964d23e3-fe80-f785-f3d6-aa0a3cda4470@cs.tcd.ie> <CAPsNn2Vn=7jkF=sfpm5XRFMYRj0qM-Uvfm0FtbRHVCwirOqm6Q@mail.gmail.com> <02680005-ccc6-14b2-324e-e953beb8ee3e@cs.tcd.ie> <CAPsNn2WfRZx9RS8LEH_FDiseEzPSsTQrW2y8QZrKjJ+SwpT3eQ@mail.gmail.com>
In-Reply-To: <CAPsNn2WfRZx9RS8LEH_FDiseEzPSsTQrW2y8QZrKjJ+SwpT3eQ@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="Apple-Mail-97BB3C72-F69D-4C78-B3CE-8E082A0FFC09"
Message-Id: <9E50A432-8673-44E6-89D0-D339D46ED325@glyphein.mailforce.net>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: iPhone Mail (13G36)
From: Stan Kalisch <stan@glyphein.mailforce.net>
Date: Thu, 15 Mar 2018 11:04:43 -0400
To: nalini elkins <nalini.elkins@e-dco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/d9Wo4gBaM2hahyGUIEhO1iUs5cM>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2018 15:04:53 -0000

[top-posted because the bulk of the quoted material really is necessary for context]

Hi Nalini,

It seems to me your and Stephen's recollections of events have two essential points in common (well, in my view they do) that I'd like to highlight here:

1.  A number of your consortium's parties are, at minimum, reticent to come, or are restricted from coming, forward in this large public IETF forum.

2.  Your consortium is trying to prove a negative:  that some fundamental feature doesn't exist in the TLS 1.3 draft.  I say "some fundamental feature" because I'm not sure those for or opposed can say exactly what that technical feature is.  We know it allows the inspection of data, and we know there are theories on how that would securely work.

Here, I think, is a substantial part of the problem:  your consortium isn't pushing a specific technical feature, and the WG doesn't know specifically who they are.  I think this speaks to much of the difficulty the WG has in engaging with you regarding the TLS 1.3 and so-called "visibility" drafts.


Thanks,
Stan

> On Mar 15, 2018, at 4:47 AM, nalini elkins <nalini.elkins@e-dco.com> wrote:
> 
> On 15/03/18 00:05, nalini elkins wrote:
> >> There is no question of a smokey back room.
> 
> >I'm sorry to disagree so bluntly, but while I was an
> >AD some of the people involved here requested that I
> >meet them in private to discuss this topic before it
> >had been raised on the list, and without telling me
> >ahead of time who, from what "enterprises," would be
> >in the room looking for what. As an AD I was always
> >happy to meet folks and have quiet discussions about
> >how to engage with the IETF or explore some detail of
> >how to get something done, I definitely did draw a
> >line well before private meetings aiming to overthrow
> >established WG consensus.
> 
> >While that all might be put down to a tactical error
> >in which advice to follow with whom when initially
> >engaging with the IETF, from my POV it was the epitome
> >of a request for a smokey-back room discussion.
> 
> >So yes, I do find that there are questions here about
> >smokey back rooms indeed. 
> 
> 1.  With respect, I contend that you are conflating what happened then with what I am suggesting now.
> 
> 2.  Also, your description of what happened then does not match with my memory.  We may
> have an honest disagreement or recollection of events.  I believe I have the original
> email chain somewhere & can try to find it, if necessary.
> 
> My version of the events is:
> 
> 1.  A couple of years ago, I was involved with some "enterprises" who felt they had an 
> issue with the upcoming TLS1.3 standard.  In particular, the deprecation of RSA.   
> 
> 
> 2.   They were concerned about the reputational risk to their company of speaking
> in a public forum.   (This is a huge issue for many companies.)  Also, they
> were not used to writing Internet Drafts or presenting at an IETF group.
> 
> 
> 3.  I had no experience with such a situation so I was not sure what to do either.
> My own work is in IPPM (if anyone is interested, you can look at my work 
> in RFC8250), so I was not involved with the TLS group very much either. 
> (A situation which has since been corrected.  I now am happy to know 
> many of you quite well.) (Still no claims to being a crypto expert, though!)
> 
> I asked a former Chair of the IETF for advice.  He suggested asking for a 
> session with the leadership of the TLS group under Chatham House rules.
> 
> I did so.
> 
> As I recall, I asked to have a discussion of the issues to see what we should do.
> I never asked for any consensus of the WG to be overturned.  I may be a dim
> bulb but I am not a complete idiot.   I do have some idea of how things work as
> far as WG consensus.
> 
> Again, as I recall, you replied at some length about "subverting the process".
> After a few more somewhat emotional emails back and forth, where I was not able to convey 
> my point adequately or to reach an understanding, I gave up on that route.
> 
> It is completely possible that I did not ask correctly or convey the right information.
> It was a new situation to me & as I say, I was not sure what to do.  I did my best.
> 
> If needed, I can look for the original email chain.
> 
> 
> 4.  Then, I went back to these "enterprises".  They had to go all the way to the
> CEO of their company to get authority to speak publicly.   They did so at 
> the Chicago IETF.
> 
> And, you know what, I am going to do everything I can to help these guys.
> They have a point of view that deserves to be represented.  They have 
> put in a huge amount of time and effort to try to present what they feel
> will be a real problem for their company.  They are not doing it for any
> other reason.
> 
> Again, they are not used to writing Internet drafts.  And, I am not as much
> as help as I could be to them in writing drafts for TLS as that is not where 
> I live, so to speak.  If this was an issue in performance metrics, I could 
> write the drafts for them.  But, this is TLS, so we have to get others to help.
> We have tried as much as we can to follow the process.   We are all
> imperfect, we are doing our best.
> 
> 
> 5.  This issue with people being able to speak publicly is real.  It needs to
> be recognized.  Not everyone works for an academic institution or 
> companies which support speaking openly about network architecture
> issues.   
> 
> Even some of the network product vendors who are starting to speak
> openly on this issue have had to talk to their CEOs before commenting.
> Not everyone will go to such lengths.  They will mostly just give up.
> Which is unfortunate for everyone.  Including the IETF.
> 
> I completely understand why deliberations of something as important 
> as TLS need to be public and in the open.  I support that.  I am just
> saying that there is an important constituency for whom speaking in
> an open forum is a real issue.  Frankly, this is why we formed the
> "consortium".
> 
> Nalini
> 
>> On Wed, Mar 14, 2018 at 5:13 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> 
>> On 15/03/18 00:05, nalini elkins wrote:
>> > There is no question of a smokey back room.
>> 
>> I'm sorry to disagree so bluntly, but while I was an
>> AD some of the people involved here requested that I
>> meet them in private to discuss this topic before it
>> had been raised on the list, and without telling me
>> ahead of time who, from what "enterprises," would be
>> in the room looking for what. As an AD I was always
>> happy to meet folks and have quiet discussions about
>> how to engage with the IETF or explore some detail of
>> how to get something done, I definitely did draw a
>> line well before private meetings aiming to overthrow
>> established WG consensus.
>> 
>> While that all might be put down to a tactical error
>> in which advice to follow with whom when initially
>> engaging with the IETF, from my POV it was the epitome
>> of a request for a smokey-back room discussion.
>> 
>> So yes, I do find that there are questions here about
>> smokey back rooms indeed.
>> 
>> S.
> 
> 
> 
> -- 
> Thanks,
> Nalini Elkins
> President
> Enterprise Data Center Operators
> www.e-dco.com
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls