Re: [TLS] TLS@IETF101 Agenda Posted

nalini elkins <> Wed, 14 March 2018 22:52 UTC

From: nalini elkins <>
Date: Wed, 14 Mar 2018 15:52:55 -0700
To: Andrei Popov <>
Cc: Ted Lemon <>, "<>" <>


In London now & back on email:

>> Nalini, why don't you (the consortium) define the standard, then?
>
> Indeed, if a “TLS13-visibility” standard has to be defined, it would make
> sense for the consortium (rather than the TLS WG) to define it.

I completely disagree.   Here is why I would not prefer that route:

1.  Multiple standards are likely to diverge.

Take the case of India: we have over 700 dialects.  Many of them started
with the same root language.  It has gotten so villages 10 miles apart
cannot talk to each other.  We use English (a clearly non-native language!)
to communicate.

I could see the same happening with TLS and Consortium-TLS.   Not a happy
thought for interoperability.

2.  The TLS WG of the IETF has many of the world's experts in defining such
protocols.  The years of collective expertise are remarkable.   We want to
work with the TLS group, not try to recreate it.

3.   The reason I support the enterprises and their voice in TLS is because
I am naive enough to actually believe in the IETF.  I believe that
technical truth matters.  That it is not actually the Vendor Engineering
Task Force.  That is a group of the vendors, by the vendors and for the
vendors.   I could see when this whole thing with taking away RSA was
happening that correct though it may be, it was going to cause enormous
disruption for many, many people in the commercial world.  You may not
believe it, but I am actually doing this because I really believe that we
need one set of standards that everyone can use.  I want it to be in the
TLS WG.  I want the TLS WG to be credible and succeed and I want the IETF
to succeed.  I believe that the Internet needs it.

4.  Again, believe it or not, the TLS WG needs the enterprises.  Of course,
this is all my opinion only.   These enterprises are a huge group of users
of the IETF protocols and TLS in particular.   The feedback of users is
irreplaceable.  Who are we building the protocols for if not the users?
Sure, there are multiple sets, but these are a very large group.

And, OK, maybe they don't state every need properly, let's try to help
them.   When I was designing products, I didn't expect the customer to come
up with the design for the screen or the code.  They don't have the skills
to do that.  They provide feedback and come up with requirements.  I do the
code design.

Any organism which does not take feedback is not likely to thrive in the
long term.

Again, I am asking everyone to be open to working together.


On Tue, Mar 13, 2018 at 11:27 AM, Andrei Popov <>

>    - "We" is a consortium of organizations.   I would say over 50 so
>    far.  They operate large data centers.   They are in manufacturing,
>    insurance, finance, and others.
>    - Nalini, why don't you (the consortium) define the standard, then?
> Indeed, if a “TLS13-visibility” standard has to be defined, it would make
> sense for the consortium (rather than the TLS WG) to define it.
> Cheers,
> Andrei

Nalini Elkins
Enterprise Data Center Operators