Re: [TLS] TLS@IETF101 Agenda Posted

Stephen Farrell <> Tue, 13 March 2018 14:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B086812D868 for <>; Tue, 13 Mar 2018 07:21:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oefvsnz-q1Rm for <>; Tue, 13 Mar 2018 07:21:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B05DA1200B9 for <>; Tue, 13 Mar 2018 07:21:32 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id EE354BE56 for <>; Tue, 13 Mar 2018 14:21:29 +0000 (GMT)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5QBxOcakEo6V for <>; Tue, 13 Mar 2018 14:21:29 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTPSA id A0FF1BE2F for <>; Tue, 13 Mar 2018 14:21:29 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1520950889; bh=Z5MgQIKI7mFT8kdt8MYJifziIaLEqoCXfXMqHwer0O8=; h=Subject:References:To:From:Date:In-Reply-To:From; b=xhUWgpIKvuEO197n0ryvuLmtwGjI6vTU7Z2fA5DtFBAMTvjOwzdbJl6kDj1QNJXo6 BTXBEsqGRdO6tQ8ytVfG7sdg5lpLTEsdEXSBmBH4rUFWz1CqtMhO02OD2O7rloK6wO GUuu/uC/9SY5gavB/VQtvo9757B9bF+JYd73QX7M=
References: <> <> <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <>
Date: Tue, 13 Mar 2018 14:21:28 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="YzXrs6zrKvKaBpu0tOOkqPj9zKigw2TJf"
Archived-At: <>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Mar 2018 14:21:36 -0000


Just to be clear: I'm still waiting for the chairs and/or
AD to explain how the proposed discussion of this draft
is consistent with IETF processes, given the results of
the discussion in Prague (a very clear lack of consensus
to even work on this topic), and the discussion of the
-00 version of this late last year. IOW, I don't consider
my objection has been answered.

In case people haven't got all the mails from last year
at the front of their minds, I went through them for you
and have provided links and selected quotes below. Yes,
the quotes are selected but I think do indicate that the
opposition to these ideas is as before. And there were
also the usual voices in support of weakening TLS in this
manner as well - a read of the thread clearly indicates
to me that discussion of this draft in London will, as
before, be a divisive waste of time and energy.

Chairs: Please drop the agenda item, or explain how any
of this fits our process, because I'm just not getting


me, "IMO the WG shouldn't touch this terrible proposal with a

Randy Bush: "there are a lot of us lurkers out here a bit horrified
watching this wg go off the rails." (Different thread, but same topic)

Uri Blumenthal: "+1 to Stephen"

Rich Salz: "put this on hold for a year or two after TLS 1.3 is done"

Ion Larranaga Azcue, "I really don't feel confortable with the approach
taken in this draft."

Hubert Kario: "to be clear: me too" (replying about hating the idea)

Rich Salz: "I am opposed to the basic concept of injecting a third-party
into the E2E TLS process."

Florian Weimer: "I don't understand why this complicated approach is

Ben Kaduk: "I do not see any potential for a workable solution."

Uri Blumenthal: "why do we spend time discussing this draft?"

Christian Huitema: "Maybe they have found ways to manage their
applications and servers without breaking TLS..."

Ted Lemon: "I think we should stop."

Andrei Popov: "deploying a weakened configuration of TLS 1.3 (without
PFS) would not meet the intent of those future mandates/requirements."
(On "industry need")

Ben Kaduk: "The time I am spending on this thread is time that I am not
able to spend improving the TLS 1.3 document."

Dave Garrett: "Please, let's just let this mess die. "

Uri Blumenthal "I'm against weakening the protocol, since there are
other ways to accomplish the perlustrator's mission"
	Yeah, I had to look it up too:-)

Adam Caudill: "To be honest, I’m rather surprised that this group
continues to spend time on this."

Tony Arcieri, "Having worked (and presently working) for more than one
company of this nature, in the payments business no less, I would like
to restate that it's incredibly disingenuous to cite the need for
self-MitM capability as an "industry" concern."

Colm MacCárthaigh: "I don't have too strong an interest in this thread,
it's not going anywhere, and I don't mind that."

Peter Saint-Andre: "+1 to Stephen's request." (for chairs to close down
the discussion)

Cas Cremers: " I think such a mechanism should not be part of the TLS
1.3 standard."

Karthikeyan Bhargavan: "I really don’t recommend any change to the TLS
1.3 design to accomplish any of this"