Re: [TLS] TLS@IETF101 Agenda Posted

nalini elkins <nalini.elkins@e-dco.com> Thu, 15 March 2018 08:47 UTC

Return-Path: <nalini.elkins@e-dco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F9CD12778E for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 01:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=e-dco-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0LgZFLYrdUC for <tls@ietfa.amsl.com>; Thu, 15 Mar 2018 01:47:13 -0700 (PDT)
Received: from mail-io0-x232.google.com (mail-io0-x232.google.com [IPv6:2607:f8b0:4001:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D97D12D87D for <tls@ietf.org>; Thu, 15 Mar 2018 01:47:13 -0700 (PDT)
Received: by mail-io0-x232.google.com with SMTP id m22so7612136iob.12 for <tls@ietf.org>; Thu, 15 Mar 2018 01:47:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=e-dco-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/2UZp60Vgf/1WPeRK4a8Ks9v/wwxM5lHLR2bg4JPMrc=; b=dxYCD/rnU9kxFYvdO1IrXexLN+iNSOL7RQyzU6tJgUNMS0MbCxmtmUnD8aA3qCzRzf tTN8BcHG/PwgN4L9yq7fIyXcyDnT5bZ758JkMM4FgzoWj6ltqyYItn307UDB9UFW2ZQ6 XFXvKgFVatxlKcnxkNpK/7GjWfH9eBRbu2fSP+N2a2i6d0FVEhwWMl53JCk8lhXbENd3 H0M+4NxtVTNUzlTb2xyDUTVyXx38kBnTwJ/0JbpVTD9jdWK3Ff0dZ+nKJf0QQsQiOcHD tuCHaIBJF4oBDg6RRlFC3vJfB1wXWmJIERogi4ZCU+V2xHkiw2N4ynnOk+5r/anxCjlU blGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/2UZp60Vgf/1WPeRK4a8Ks9v/wwxM5lHLR2bg4JPMrc=; b=b3zIh1k0us7kj647CFNG1vCG87PNhrn0MpZeNgMmV0+oWDZXGK9PGPJP0m6WSjbXGT 16RKbmiTIcbubTI6bSbuywNKhS/SWxfkHnS9BQ2d9hnso08zuqmtdREe8Pv2wE8cWMnR oactisNwCLCXcE1z7oOKYst5XJ4kFo0Yit5QNRzs+NDRJLOYZFOwuytcXSpBw7epXojF AuElF4r+2esfV8iKoLR2qdAMPg90ZEtKqQDqa8XCNPcw83Jlh8SDsRaGNdMZB2f2jHrc I+nhaQykWxt3EOWKZOwX8iX9o10CpnHfAm1elaeGNVSvx57nSMCbr4uwyQETv0+m5Uvk Rx7g==
X-Gm-Message-State: AElRT7HpG6Q1eNlWRQbPKNli+BFP3uE9+B2yDI0cc0jvNO9wUPYHaxDo X6o8DCFbfTrxoGnWWZUdiR5uonNh93fNZFMH3oSvOQ==
X-Google-Smtp-Source: AG47ELtEa22tHRfnazYssNNrfxZIUelK11WGcfxBCoysiSYI0x5cMgPOiTUoyaA/Sy+sshSXaUjUrbRWKt3Cs5rxvLQ=
X-Received: by 10.107.52.146 with SMTP id b140mr7637686ioa.8.1521103632339; Thu, 15 Mar 2018 01:47:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.29.138 with HTTP; Thu, 15 Mar 2018 01:47:11 -0700 (PDT)
In-Reply-To: <02680005-ccc6-14b2-324e-e953beb8ee3e@cs.tcd.ie>
References: <6140B7A6-A1C7-44BC-9C65-9BE0D5E1B580@sn3rd.com> <986797a7-81b0-7874-5f39-afe83c86635b@cs.tcd.ie> <CAOgPGoBYc7O+qmjM-ptkRkE6mRsOYgc5O7Wu9pm3drFp3TVa6Q@mail.gmail.com> <d7dfdc1a-2c96-fd88-df1b-3167fe0f804b@cs.tcd.ie> <CAHbuEH7E8MhFcMt2GSngSrGxN=6bU6LD49foPC-mdoUZboH_0Q@mail.gmail.com> <1a024320-c674-6f75-ccc4-d27b75e3d017@nomountain.net> <2ed0gc.p5dcxd.31eoyz-qmf@mercury.scss.tcd.ie> <d7ec110f-2a0b-cf97-94a3-eeb5594d8c24@cs.tcd.ie> <CAOgPGoDpreyWcaLG_bMvEmMk1KvMQEGhXB+Ro+f1BKf3p_DxOA@mail.gmail.com> <4e1ab8ca-e977-7273-358b-3df3670d0ee5@cs.tcd.ie> <D1FFA72D-28B8-4435-B069-5EE1563E26B2@fugue.com> <CALZ3u+Z6DWMwKF6eoDJ2h5ABRGpeYrqZUyesnYhHP5g1d8rQ1Q@mail.gmail.com> <CAPsNn2Xtkjzkvwhmr6ZYvZ+VqjDFnnKM4QvqKVkXvt+WHZ4iJw@mail.gmail.com> <dabb224c-f679-2bf9-77f7-44c905b9887d@cs.tcd.ie> <CAPsNn2W-YQpwq_W_G0M5LZRnmN=DoG-Ufmcz-Kf-HQN_ckKSmg@mail.gmail.com> <964d23e3-fe80-f785-f3d6-aa0a3cda4470@cs.tcd.ie> <CAPsNn2Vn=7jkF=sfpm5XRFMYRj0qM-Uvfm0FtbRHVCwirOqm6Q@mail.gmail.com> <02680005-ccc6-14b2-324e-e953beb8ee3e@cs.tcd.ie>
From: nalini elkins <nalini.elkins@e-dco.com>
Date: Thu, 15 Mar 2018 01:47:11 -0700
Message-ID: <CAPsNn2WfRZx9RS8LEH_FDiseEzPSsTQrW2y8QZrKjJ+SwpT3eQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Artyom Gavrichenkov <ximaera@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Content-Type: multipart/alternative; boundary="001a11441cd4ac2cbd05676f8931"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tKtxNkpVY3r-CClcdtVPnF5DpJw>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2018 08:47:16 -0000

 On 15/03/18 00:05, nalini elkins wrote:
>> There is no question of a smokey back room.

>I'm sorry to disagree so bluntly, but while I was an
>AD some of the people involved here requested that I
>meet them in private to discuss this topic before it
>had been raised on the list, and without telling me
>ahead of time who, from what "enterprises," would be
>in the room looking for what. As an AD I was always
>happy to meet folks and have quiet discussions about
>how to engage with the IETF or explore some detail of
>how to get something done, I definitely did draw a
>line well before private meetings aiming to overthrow
>established WG consensus.

>While that all might be put down to a tactical error
>in which advice to follow with whom when initially
>engaging with the IETF, from my POV it was the epitome
>of a request for a smokey-back room discussion.

>So yes, I do find that there are questions here about
>smokey back rooms indeed.

1.  With respect, I contend that you are conflating what happened then with
what I am suggesting now.

2.  Also, your description of what happened then does not match with my
memory.  We may
have an honest disagreement or recollection of events.  I believe I have
the original
email chain somewhere & can try to find it, if necessary.

My version of the events is:

1.  A couple of years ago, I was involved with some "enterprises" who felt
they had an
issue with the upcoming TLS1.3 standard.  In particular, the deprecation of
RSA.


2.   They were concerned about the reputational risk to their company of
speaking
in a public forum.   (This is a huge issue for many companies.)  Also, they
were not used to writing Internet Drafts or presenting at an IETF group.


3.  I had no experience with such a situation so I was not sure what to do
either.
My own work is in IPPM (if anyone is interested, you can look at my work
in RFC8250), so I was not involved with the TLS group very much either.
(A situation which has since been corrected.  I now am happy to know
many of you quite well.) (Still no claims to being a crypto expert, though!)

I asked a former Chair of the IETF for advice.  He suggested asking for a
session with the leadership of the TLS group under Chatham House rules.

I did so.

As I recall, I asked to have a discussion of the issues to see what we
should do.
I never asked for any consensus of the WG to be overturned.  I may be a dim
bulb but I am not a complete idiot.   I do have some idea of how things
work as
far as WG consensus.

Again, as I recall, you replied at some length about "subverting the
process".
After a few more somewhat emotional emails back and forth, where I was not
able to convey
my point adequately or to reach an understanding, I gave up on that route.

It is completely possible that I did not ask correctly or convey the right
information.
It was a new situation to me & as I say, I was not sure what to do.  I did
my best.

If needed, I can look for the original email chain.


4.  Then, I went back to these "enterprises".  They had to go all the way
to the
CEO of their company to get authority to speak publicly.   They did so at
the Chicago IETF.

And, you know what, I am going to do everything I can to help these guys.
They have a point of view that deserves to be represented.  They have
put in a huge amount of time and effort to try to present what they feel
will be a real problem for their company.  They are not doing it for any
other reason.

Again, they are not used to writing Internet drafts.  And, I am not as much
as help as I could be to them in writing drafts for TLS as that is not
where
I live, so to speak.  If this was an issue in performance metrics, I could
write the drafts for them.  But, this is TLS, so we have to get others to
help.
We have tried as much as we can to follow the process.   We are all
imperfect, we are doing our best.


5.  This issue with people being able to speak publicly is real.  It needs
to
be recognized.  Not everyone works for an academic institution or
companies which support speaking openly about network architecture
issues.

Even some of the network product vendors who are starting to speak
openly on this issue have had to talk to their CEOs before commenting.
Not everyone will go to such lengths.  They will mostly just give up.
Which is unfortunate for everyone.  Including the IETF.

I completely understand why deliberations of something as important
as TLS need to be public and in the open.  I support that.  I am just
saying that there is an important constituency for whom speaking in
an open forum is a real issue.  Frankly, this is why we formed the
"consortium".

Nalini

On Wed, Mar 14, 2018 at 5:13 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>;
wrote:

>
>
> On 15/03/18 00:05, nalini elkins wrote:
> > There is no question of a smokey back room.
>
> I'm sorry to disagree so bluntly, but while I was an
> AD some of the people involved here requested that I
> meet them in private to discuss this topic before it
> had been raised on the list, and without telling me
> ahead of time who, from what "enterprises," would be
> in the room looking for what. As an AD I was always
> happy to meet folks and have quiet discussions about
> how to engage with the IETF or explore some detail of
> how to get something done, I definitely did draw a
> line well before private meetings aiming to overthrow
> established WG consensus.
>
> While that all might be put down to a tactical error
> in which advice to follow with whom when initially
> engaging with the IETF, from my POV it was the epitome
> of a request for a smokey-back room discussion.
>
> So yes, I do find that there are questions here about
> smokey back rooms indeed.
>
> S.
>



-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com