Re: [TLS] TLS@IETF101 Agenda Posted

Stephen Farrell <> Thu, 15 March 2018 18:47 UTC



On 15/03/18 17:29, Russ Housley wrote:
>>> Nalini, why don't you (the consortium) define the standard,
>>> then?
>> Indeed, if a “TLS13-visibility” standard has to be defined, it
>> would make sense for the consortium (rather than the TLS WG) to
>> define it.
> In fact, my mistake that was caught by Martin is exactly the reason
> that we want the experts in the TLS WG to review the document.

Two things:-

1. I disagree with your assertion. Broad review to improve
security is well worthwhile and is a reason to bring work
to the IETF. Figuring out how to controversially yet
diligently make TLS (or any IETF protocol) *weaker* is not
part of our process, and would IMO be extremely long-term
damaging to the argument that IETF security review is a
benefit of work being done via the IETF's processes.

2. Having had that fairly fundamental error pointed out,
and given the serious amount of analysis done for TLS1.3,
and *not done* for this MitM enabler, (e.g. the >1 snooper
issue has some showstoppers IMO no matter how any MitM
capability proposal tries to tackle or avoid it) - would you
not now agree that your draft is far too far from baked to
be worth the WG's f2f time in London, even if the WG had
consensus to consider the topic, which I think we've all
acknowledged is not the case? (*)


(*) I considered not making this point - it could suit my
arguments better if the WG have a sequence of drafts like
this and draft-green to dismiss I guess but in fairness
and just in case you're now happy to withdraw your request
for a slot, I figured it worth asking, as I continue to
think that the way this topic is being mishandled is a bad
plan for all concerned.

> Russ