Re: [TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)

2017-10-09 Thread Stephen Farrell

I did a bit of an update to [1].

As before PRs are welcome and I (still) wonder if the
WG would benefit from documenting bits of this stuff
as a work item to save time and repetition in future.

S.

[1] https://github.com/sftcd/tinfoil

On 08/10/17 23:35, Blumenthal, Uri - 0553 - MITLL wrote:
> +1 to Stephen.
> 
> Regards,
> Uri
> 
> Sent from my iPhone
> 
>> On Oct 8, 2017, at 18:34, Stephen Farrell  wrote:
>>
>>
>>
>>> On 08/10/17 23:22, Eric Rescorla wrote:
>>> You seem to be responding to some other thread. 
>>
>> Yep. I changed the subject line.
>>
>> Randy's substantive message however is crystal clear. And is
>> one that WG participants ought take to heart IMO. Pretending
>> that some changes to TLS would magically be limited in scope
>> to so-called "data centres" is BS. I'm really really puzzled
>> that some otherwise sensible folks appear unable to see that.
>>
>> S
>>
>>
>>> As both Adam Langley and I
>>> mentioned, none of the changes that anyone is investigating for reducing
>>> middlebox-induced breakage affect the cryptographic properties of TLS.
>>>
>>> -Ekr
>>>
>>>
>>>> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush  wrote:
>>>>
>>>> there are a lot of us lurkers out here a bit horrified watching this wg
>>>> go off the rails.
>>>>
>>>> it would help if vendors of devices which break privacy would stop
>>>> speaking for 'datacenters' and let datacenters speak for themselves.  i
>>>> have not seen any doing so.  my $dayjob has >10 medium sized datacenters
>>>> serving everything from banks to telcos to scaled cloud services.  i can
>>>> not find folk in our datacenter groups who see a need to break e2e
>>>> encryption.
>>>>
>>>> if the interception proposals ensured that user is notified and able to
>>>> prevent session interception, then i would believe this.  but if they do
>>>> not, then let's face it, this is all about selling surveillance gear to
>>>> snooping enterprises and repressive regimes where people with guns take
>>>> you away at 3am because your session was decoded.
>>>>
>>>> can we please provide real end to end privacy or call this wg something
>>>> else?
>>>>
>>>> randy




___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] draft-rhrd (Was: Re: Update on TLS 1.3 Middlebox Issues)

2017-10-08 Thread Blumenthal, Uri - 0553 - MITLL
+1 to Stephen.

Regards,
Uri

Sent from my iPhone

> On Oct 8, 2017, at 18:34, Stephen Farrell  wrote:
> 
> 
> 
>> On 08/10/17 23:22, Eric Rescorla wrote:
>> You seem to be responding to some other thread. 
> 
> Yep. I changed the subject line.
> 
> Randy's substantive message however is crystal clear. And is
> one that WG participants ought take to heart IMO. Pretending
> that some changes to TLS would magically be limited in scope
> to so-called "data centres" is BS. I'm really really puzzled
> that some otherwise sensible folks appear unable to see that.
> 
> S
> 
> 
>> As both Adam Langley and I
>> mentioned, none of the changes that anyone is investigating for reducing
>> middlebox-induced breakage affect the cryptographic properties of TLS.
>> 
>> -Ekr
>> 
>> 
>>> On Sun, Oct 8, 2017 at 2:42 PM, Randy Bush  wrote:
>>> 
>>> there are a lot of us lurkers out here a bit horrified watching this wg
>>> go off the rails.
>>> 
>>> it would help if vendors of devices which break privacy would stop
>>> speaking for 'datacenters' and let datacenters speak for themselves.  i
>>> have not seen any doing so.  my $dayjob has >10 medium sized datacenters
>>> serving everything from banks to telcos to scaled cloud services.  i can
>>> not find folk in our datacenter groups who see a need to break e2e
>>> encryption.
>>> 
>>> if the interception proposals ensured that user is notified and able to
>>> prevent session interception, then i would believe this.  but if they do
>>> not, then let's face it, this is all about selling surveillance gear to
>>> snooping enterprises and repressive regimes where people with guns take
>>> you away at 3am because your session was decoded.
>>> 
>>> can we please provide real end to end privacy or call this wg something
>>> else?
>>> 
>>> randy
>>> 

