Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00

Stephen Farrell <> Wed, 25 October 2017 21:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C21941390EE for <>; Wed, 25 Oct 2017 14:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ljnUE46SXMzm for <>; Wed, 25 Oct 2017 14:47:53 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D16B9132055 for <>; Wed, 25 Oct 2017 14:47:52 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id B2217BE58; Wed, 25 Oct 2017 22:47:50 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 38AUvigLU-8D; Wed, 25 Oct 2017 22:47:49 +0100 (IST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 5CF92BE55; Wed, 25 Oct 2017 22:47:49 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1508968069; bh=IGIUsztTpuwHh163xWj38hDiw1qS0zwYUPGLccWAEGU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=e74xDaVtA900TqFNXkBIHTavdeIiCQPXs+3pj+k3Cx2RdOHNpE+QVPVJvnFji91mq VjXpbfDUSCgnvtsoAEBQNISHFbr5x9MtUk6etZg3I+NSRdUl5Es1v8NVYQc5QXRKxt 4rmgC3ZGH4ouv/4hY0UAt2GuhjaUggJjP6MhDptQ=
To: "Ackermann, Michael" <>, "David A. Cooper" <>, "" <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Wed, 25 Oct 2017 22:47:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qVl4V8mvI20EbKnX0XManV2ITmDovJNpM"
Archived-At: <>
Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Oct 2017 21:47:55 -0000

On 25/10/17 17:11, Ackermann, Michael wrote:
> And if this is not a feature that everyone wants, then so be it.
> But at least it was an attempt by a small number of people to try to
> find common ground and make any form of progress.

I do not accept that there is an onus on IETF participants
to acquiesce to bad ideas in the name of finding common ground.
The IETF is not that kind of SDO (at least I hope not).

When a thing is a sufficiently bad idea, then it is not a good
plan to try to meet it half-way. That is the case with the basic
idea here.

So, sorry, no - compromise is not a goal.

OTOH, investigating non-damaging means of meeting data centre
requirements that do not involve TLS is an entirely fine thing
to do IMO. (Though maybe not the oft-quoted but *never* so far
substantiated claims related to PCI;-).

I would encourage you and others to go do that. If that calls
for the development of a new multi-party security protocol
that can be used in such environments, that is also just fine
and could have other interesting uses.

One could also do work to try to make it easier for sites to
evolve towards use of (closer to, but not, perfect) forward

But breaking TLS is very different to both and is not fine.