Re: [TLS] ETSI releases standards for enterprise security and data centre management

Sean Turner <> Fri, 07 December 2018 15:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4DDCD1288EB for <>; Fri, 7 Dec 2018 07:37:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Tc84bH230O4K for <>; Fri, 7 Dec 2018 07:37:33 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1256E12DD85 for <>; Fri, 7 Dec 2018 07:37:32 -0800 (PST)
Received: by with SMTP id n21so4884336qtl.6 for <>; Fri, 07 Dec 2018 07:37:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pUIIm1WDNdYLNi43p5pgHFPw6I8MHSxclx9sVDWY+cw=; b=RFROc+WVh0VV7mx8EjVdXCEd68bxUqK1RGljHF3Om6hDD3c9MPx8mAI1oF9cm4kEHH VDZ968LnNE+kP5+MpsEi5U0Q0BbLfD90T8v9x9I5yz8EmfE+lwUHc2KjEkddgftCMTlp x2e6dIgAaMJB5hgNTDKEPRp2c8ruVwC8gb+vY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pUIIm1WDNdYLNi43p5pgHFPw6I8MHSxclx9sVDWY+cw=; b=lEHgt0Cv8j95RIfAVZJLkl67o7w9jbLnXdkr5YoMdQYfg5DihCZeT9bj4xIKgYa524 5IYm1B3cvqzNA3RfIviEbhblV5248esBwn8ZaRXpzWW01D2MwIS81ADp/QkEHstGRKTP XiN2RBdj1xU7mb1njJMsMiHTZL39xdIZmqds1lBigblarw1pTjSORR5uiAwu/31nuSh5 oeMx8cLJ0ExtT8Cktz7EzgJUIj+VWhM3ALvtpo6Zr+VeMRaSo4taxXnSNEZt2gB0nznQ P3WsoNSblFnlJwrZX7UeSveOK21LhwRi314qX7z6d1wD048jA7zb6bflzqhSLTdkjcdM 9iwA==
X-Gm-Message-State: AA+aEWZ84hRADeZgaaRRF6f1gWeKpDLZG+S0FaIgLvvGP2csMa31RHhL jat0tLM0kCUjXGJGm8DLmjEdNg==
X-Google-Smtp-Source: AFSGD/VcH6h0rgzKI8sIZkXPXjHKUFpHXOC+wA1gL2B/W9jNU2SSSASDe8qHA5pj1mpswuZ7pff9wQ==
X-Received: by 2002:ac8:2eeb:: with SMTP id i40mr2599083qta.300.1544197050791; Fri, 07 Dec 2018 07:37:30 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id d193sm2857541qka.91.2018. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 Dec 2018 07:37:29 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Sean Turner <>
In-Reply-To: <>
Date: Fri, 7 Dec 2018 10:37:28 -0500
Cc: TLS Chairs <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <20181202233553.GD15561@localhost> <> <> <> <> <> <> <> <>
To: "Arnaud.Taddei.IETF" <>, "" <>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <>
Subject: Re: [TLS] ETSI releases standards for enterprise security and data centre management
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 07 Dec 2018 15:37:35 -0000

Please stand by.

The chairs (Joe, Chris, and myself) have been discussing whether this draft is in scope.  We are meeting later today to wrap up the discussion and get message out to the WG.


> On Dec 6, 2018, at 21:19, Arnaud.Taddei.IETF <>; wrote:
> I am really surprised how the answers you don't like are systematically put on denial. Can you explain me what leads you to think that some people here are not concerned by the list of people you list? this is an assumption and the wrong assumption.
> Perhaps on the contrary we are concerned BOTH by what these people endure but too by what other consistencies are basically removed rights to defend themselves.
> As to the marketing aspect frankly this is an invention here and again I don't see what allows you to paint the answers you don't like because you don't like.
> So I could on the contrary hightight the dogmatism that reins here, with a smell of intimidation, and to some degree the sectarianism back to the latin roots of the word
> Regarding Human Rights, we DO care about Human Rights too and fact is that I had the chance to make more progress in 2 hours than I did in 2 years at IET and I had the chance to contribute to a magic moment with a Chinese Organization to comply a technical solution to Human Rights requirements. You know why? Because we took the time to TALK properly to each other, understand each other, learn from each other with no intimidation and no wrong assumptions that 'because we LOOK to be on the wrong side' we are foolish people, and respect to the fact that not everyone speaks and writes a proper English and sometimes words are dangerous when we don't know exactly the semantics in the right context
> The assumption that you are the only one who cares is tiresome.
> This group was offered a chance to control the development of a 360 degree solution for all parties and it was rejected. Fine. The ETSI took it and is taking its responsibly.
> I don't know what leads you to think that a model where security resides only on the 2 ends of the communication IS the answer to all the problems.
> The recent continuous scandals that are affecting a number of platforms and destroying trust, privacy and security is leading me to think about why should I trust this model. By analogy when I see how my body defends itself against bad stuff, it is using a battery of models, not one model.
> In any negotiation you can look for what is the right battle, and those who understand that point will know that the right battle (and the one which is harder for the opposition) is on providing guarantees. This would have been a better battle to pick and would have given a chance to work more collaboratively and not by confrontation.
> Now I don't understand what leads this group to try now to block the ETSI, can someone tell me and in particular the chairs if we have a consensus here?
> Finally I am calling on the chairs of this group. It was very interesting to observe the many comments at the last IETF103 about the vile and toxic atmosphere that prevails here. I have all my time to work in these conditions but perhaps the chair could try to think about a more positive atmosphere of work.
> A bon entendeur salut
> Sent with ProtonMail Secure Email.
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday 5 December 2018 21:36, Daniel Kahn Gillmor <>; wrote:
>> On Wed 2018-12-05 20:15:08 +0900, Bret Jordan wrote:
>>>> On Dec 5, 2018, at 7:33 PM, Stephen Farrell wrote:
>>>>> On 05/12/2018 10:22, Bret Jordan wrote:
>>>>> I think we should be more open minded and look at the needs from a
>>>>> 360 degree deployment perspective.
>>>> I think we should avoid marketing speak.
>>> This is not marketing speak. This is understanding how these solutions
>>> need to be deployed end to end in all of their scenarios from
>>> consumer, to small business, to enterprise, to service provider, to
>>> content provider, to telco, etc.
>> Perhaps one of the reasons that this might across as marketing speak to
>> some people is that your list of "all their scenarios" appears to be
>> only business use cases (where the individual people involved are at
>> most consumers of business products). You haven't mentioned
>> journalists, disk jockeys, activists, flat earthers, dissidents,
>> students, medical professionals, juggalos, community organizers, gun
>> nuts, cryptozoologists, whistleblowers, LGBTQ folx, refugees, free
>> software developers, elected officials, religious minorities, senior
>> citizens, or any of the other non-business use cases that may depend on
>> TLS for confidentiality, integrity, authenticity, or any of the other
>> information security guarantees that are put at risk by proposals like
>> this.
>> One of the concerns the last time we danced this dance was that the
>> proposal claimed to be interested in one use case only: "the enterprise
>> data center", and yet offered no meaningful way to effectively limit its
>> (ab)use outside the data center. This objection was raised clearly, and
>> the proponents of the protocol change failed to address it. And now it
>> appears that instead of addressing the concern, they forum-shopped until
>> they found a place to publish the same approach without even
>> acknowledging the concern that this could have an impact beyond the data
>> center.
>> A full 360 degree view might acknowledge that doing harm to the core
>> priniciples of a security protocol that everyone relies on for the sake
>> of one particular use case out of many might not be an appropriate step
>> to take. (and that one use case might have other solutions, albeit
>> perhaps more expensive or inconveient ones for people who have already
>> made certain investments)
>> I'm pretty sure we don't want TLS to be all things to all people, right?
>> What are the core goals or guarantees of TLS that you would like to see
>> preserved?
>> --dkg
> _______________________________________________
> TLS mailing list