Re: [TLS] Update on TLS 1.3 Middlebox Issues

[Randy Bush <randy@psg.com>]

> You seem to be responding to some other thread. As both Adam Langley and I
> mentioned, none of the changes that anyone is investigating for reducing
> middlebox-induced breakage affect the cryptographic properties of TLS.

my apologies.  i can only plead low caffeine (6:45 am tokyo time).

the proper threads would have been
  draft-green-tls-static-dh-in-tls13
  draft-rhrd-tls-tls13-visibility
  etc etc etc

it's getting to be that you can smell a red herring by the word
'datacenter' when it's really vendors of surveillance gear and three
letter agencies.

> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush <randy@psg.com> wrote:
                         ^^^^^^^  that's your clock, not mine :)
> 
>> there are a lot of us lurkers out here a bit horrified watching this wg
>> go off the rails.
>>
>> it would help if vendors of devices which break privacy would stop
>> speaking for 'datacenters' and let datacenters speak for themselves.  i
>> have not seen any doing so.  my $dayjob has>10 medium sized datacenters
>> serving everything from banks to telcos to scaled cloud services.  i can
>> not find folk in our datacenter groups who see a need to break e2e
>> encryption.
>>
>> if the interception proposals ensured that user is notified and able to
>> prevent session interception, then i would believe this.  but if they do
>> not, then let's face it, this is all about selling surveillance gear to
>> snooping enterprises and repressive regiemes where people with guns take
>> you away at 3am because your session was decoded.
>>
>> can we please provide real end to end privacy or call this wg something
>> else?

randy