Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Dave Garrett <davemgarrett@gmail.com> Sun, 22 October 2017 16:58 UTC

To: "tls@ietf.org" <tls@ietf.org>
References: <7E6C8F1F-D341-456B-9A48-79FA7FEC0BC1@gmail.com> <a599d6ad-54db-e525-17d6-6ea882880021@akamai.com> <71e75d23f4544735a9731c4ec3dc7048@venafi.com> <3D2E3E26-B2B9-4B04-9704-0BBEE2E2A8F7@akamai.com> <000501d348e5$1f273450$5d759cf0$@equio.com> <70837127-37AB-4132-9535-4A0EB072BA41@akamai.com> <e8417cc424fe4bf3b240416dfffd807a@venafi.com> <B11A4F30-2F87-4310-A2F0-397582E78E1D@akamai.com> <fd12a8a8c29e4c7f9e9192e1a1d972d6@venafi.com> <D2CAAA44-339E-4B41-BCE0-865C76B50E2F@akamai.com> <d76828f02fc34287a961eba21901247b@venafi.com> <56687FEC-508F-4457-83CC-7C379387240D@akamai.com> <c1c0d010293c449481f8751c3b85d6ae@venafi.com> <4167392E-07FB-46D5-9FBC-4773881BFD2C@akamai.com> <3d5a0c1aab3e4ceb85ff631f8365618f@venafi.com> <E84889BB-08B3-4A3A-AE3A-687874B16440@akamai.com> <CAPBBiVQvtQbD4j3ofpCmG63MEyRWF15VL90NOTjeNqUOiyo6xg@mail.gmail.com> <9013424B-4F6D-4185-9BFD-EC454FF80F22@akamai.com> <d18d8e26-33ef-2147-8755-4d0b86b0a45f@cs.tcd.ie> <E9573C0C-15F2-4622-B7F8-0A449A5A1F98@fugue.com>
From: Dave Garrett <davemgarrett@gmail.com>
Message-ID: <3e2c1097-3201-0b8b-77d5-14c81e732652@gmail.com>
Date: Sun, 22 Oct 2017 12:58:55 -0400
In-Reply-To: <E9573C0C-15F2-4622-B7F8-0A449A5A1F98@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jUqOyXs5iUT1W1fyO6PucJWOXBA>

Agreed; this conversation is not going to get anything to a real WG 
consensus without causing people to flee the WG. The hard sell just 
makes people more and more skeptical that this is really well 
intentioned. Please, let's just let this mess die. As Rich Salz has 
stated previously, we should just recommend those unwilling to change 
their ways immediately to stay on TLS 1.2 for a few years whilst they 
transition to something less horrible that can work with TLS 1.3. And, 
that less horrible thing need not suck up a billion more posts here.

Dave

On 10/20/2017 10:08 AM, Ted Lemon wrote:
> On Oct 20, 2017, at 9:54 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> I can say for myself that there was a really strong hard sell on the
> notion of doing this in Prague. Not being sufficiently paranoid, my
> general sympathy for people facing hard problems led me to consider what
> they were proposing, but each time they came up with something, someone
> with more paranoia fu than I have pointed out a hole in it. During
> that period there were several periods when I was reluctantly willing to
> consider some less-bad version of draft-green. This is a long way from
> "want," and even a pretty long way from "support."
>
> My personal feeling having been peeled off the herd and hard-sold like
> this is that there is some really powerful motivated reasoning going on
> here, and that the working group should just stop entertaining this
> process. Weakening TLS is not the right way to approach the problem
> that has been described here.
>
> I hasten to add that I don't think the people doing the hard sell are
> bad people, or that they didn't have good reason for trying to do it.
> My point is simply that we've been collectively sucked close to a black
> hole here, and we need to take a step back from it. In the same sense
> that LEOs who want key escrow have good reason for wanting it and are
> not bad people for wanting it, so too with the people pushing this
> proposal. But like key escrow, this proposal is not beneficial for
> end-users or for security as a whole.
>
> In order for it to make sense to go forward with this proposal, two
> things would have to be true that I don't think are true. First, we
> would have to agree that user security is not a primary goal. And
> second, we would have to agree that overall network security is not a
> primary goal. Discussing the details of how much security we are
> willing to give up, what attack surfaces that we could remove we are
> willing to leave in, only makes sense if we are willing to drop those
> two primary goals.
>
> Watching this conversation has been a really good learning experience
> for me, so I don't regret it, but I think we should stop.