Re: [tsvwg] [saag] 3rd WGLC (limited-scope): draft-ietf-tsvwg-transport-encrypt-15, closes 29 June 2020

Martin Thomson <> Tue, 30 June 2020 09:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3DF303A113E for <>; Tue, 30 Jun 2020 02:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=LyO6n6e9; dkim=pass (2048-bit key) header.b=t8pQXvKc
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U8Do4WGr0e30 for <>; Tue, 30 Jun 2020 02:36:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 068203A113C for <>; Tue, 30 Jun 2020 02:36:32 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id 3D8547B2 for <>; Tue, 30 Jun 2020 05:36:32 -0400 (EDT)
Received: from imap2 ([]) by compute2.internal (MEProxy); Tue, 30 Jun 2020 05:36:32 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=lhsV6wgFunLIL6efVnU1MczpPpgkcDk Uj2as75kPmXI=; b=LyO6n6e9EjpWFvI7hFf4aHxCrQAw0Sxw0G61Cc+iQtyewbm 7uA6pPK7H+8V7Jnhe/pQwlfhvWtoPw00/EeweqUwE6SVURhoVl0egew0Ebx1OIEw IrLNli416cSH9/PNDRaaUYgOxs5vms/aFDy7BDsmXiDS2k1i4eS68l1XaPbv6woP BF2UnLbNxVsAUi1zepw1L+fdrdO6nLCgY/dezGQssU/KsQwBdufejOYNFwgw/c0b qDqgr8EAa10FsTN/zxUKxlT6Au+feLEwtwUBXDJiyUF9CZywmakY+fe3kA3Bxobb XdKC0C7YxOn0V60rHoVouiw+u7A57WL7h0yQpXw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=lhsV6w gFunLIL6efVnU1MczpPpgkcDkUj2as75kPmXI=; b=t8pQXvKchrCAMD1HLx21QE j/7c4gDIzo+VumivZsfIHa5ZX7Ngc12SMkCQkobCosjrMQY5qqfoGyKYLDIuj9Mm YrwZS0RW3DUYcawZE1/z4qjMqiN8pngOJBHBFyC9eGSQj1i5EgL+d/MCWewu0pGo P4+z2XmJVzWQSWO4O6BLiWZnueH06JjQpwzy3AZRTVepZpFDB8bRbjDxl1DVg68i Gw221Eb1Lsv8uJytAUymIENdn7zg5S5HiJg89LiTiHkXeano3Cb7qvaZ69dbTzUO ISx10FWmqa503HEepl4aXk+Bpz7yHTFm39wgU3me7IsCqt9W5MGk3ZC+VieLtASw ==
X-ME-Sender: <xms:nwf7XnhRxgXXkds2p4-_3aTyfPY7S0bNdjBwIT59uijFhgCUJfSRrQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrvddtuddgudejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeehfeetudduudehtdekhf dvhfetleffudejgeejffehffevkeduiefgueevkeefleenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:nwf7XkCcOBXBUAwBn4YY0e4E9QUgzUkYC5I7uOr-FG7UylR7r_09Eg> <xmx:nwf7XnFf3GdIDcq5bSpa1XxbbRTZuLU7AW-Lg1cUsd9t3QiK-tAVlg> <xmx:nwf7XkSVo3Vfl43k1xgDm6tTRR6kuTsSEBjaQV-p3VXOlKxPFvhojw> <xmx:nwf7XkjQHdO-Al6ZSESrbw8msvzmoXx9HCE_De2B2pD_rbLOj8Rw-g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7B410E00E3; Tue, 30 Jun 2020 05:36:31 -0400 (EDT)
X-Mailer: Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-576-gfe2cd66-fm-20200629.001-gfe2cd668
Mime-Version: 1.0
Message-Id: <>
In-Reply-To: <>
References: <>
Date: Tue, 30 Jun 2020 19:36:11 +1000
From: "Martin Thomson" <>
Content-Type: text/plain
Archived-At: <>
Subject: Re: [tsvwg] =?utf-8?q?=5Bsaag=5D_3rd_WGLC_=28limited-scope=29=3A_dra?= =?utf-8?q?ft-ietf-tsvwg-transport-encrypt-15=2C_closes_29_June_2020?=
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Jun 2020 09:36:34 -0000

On Tue, Jun 9, 2020, at 11:41, Black, David wrote:
>  1. Whether or not to proceed with a request for RFC publication
> of the draft. 

I think that this is in many ways vastly improved over earlier versions.  Much of the language that was more directly addressing the shortcomings.

If RFC 8517 had IETF consensus and RFC 8404 had IETF consensus, then this would clearly be a good companion to those documents.  In many ways, this is a far better document.  If you were to consider this the unabridged version of Section 2 of RFC 8558, then it's a pretty good attempt at capturing uses.  Though, like Ekr, I wonder about the distinct absence of stuff that is clearly bad, because there's a lot of that too.

However, despite having quite a reasonable introduction and conclusion, the impression the document leaves is that the use of encryption is endangering the livelihoods of a great many people and that is a bad thing.  I don't think that it is possible to avoid with a document in this form.

After reading it through (again, it's quite long), I reached the conclusion that all the trappings and disclaimers don't serve their intended end, but they tend to work against it.  By so clearly addressing the whole problem in framing, but then spending the bulk of the text on one aspect of that problem, the overwhelming impression is that there is a great deal of substance to the view that use of encryption produces harms.  After all, look at all these useful things that can't be done any more.

Instead, I think it could be better to dispense with the attempt to be balanced and simply present - without attempts to motivate, frame, or justify - the practices that are employed by intermediaries.  Including a brief diversion regarding some of the bad things, realizing that any attempt to plumb the depths of that particular rathole would never end.

Of course, that makes me even more inclined to recommend following the path RFC 8517 took.