Agreed; this conversation is not going to get anything to a real WG consensus without causing people to flee the WG. The hard sell just makes people more and more skeptical that this is really well intentioned. Please, let's just let this mess die. As Rich Salz has stated previously, we should just recommend those unwilling to change their ways immediately to stay on TLS 1.2 for a few years whilst they transition to something less horrible that can work with TLS 1.3. And, that less horrible thing need not suck up a billion more posts here.

Dave


On 10/20/2017 10:08 AM, Ted Lemon wrote:
On Oct 20, 2017, at 9:54 AM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
I can say for myself that there was a really strong hard sell on the
notion of doing this in Prague.   Not being sufficiently paranoid, my
general sympathy for people facing hard problems led me to consider what
they were proposing, but each time they came up with something, someone
with more paranoia fu than I have pointed out a hole in it.   During
that period there were several periods when I was reluctantly willing to
consider some less-bad version of draft-green.   This is a long way from
"want," and even a pretty long way from "support."

My personal feeling having been peeled off the herd and hard-sold like
this is that there is some really powerful motivated reasoning going on
here, and that the working group should just stop entertaining this
process.   Weakening TLS is not the right way to approach the problem
that has been described here.

I hasten to add that I don't think the people doing the hard sell are
bad people, or that they didn't have good reason for trying to do it.
My point is simply that we've been collectively sucked close to a black
hole here, and we need to take a step back from it.   In the same sense
that LEOs who want key escrow have good reason for wanting it and are
not bad people for wanting it, so too with the people pushing this
proposal.   But like key escrow, this proposal is not beneficial for
end-users or for security as a whole.

In order for it to make sense to go forward with this proposal, two
things would have to be true that I don't think are true.   First, we
would have to agree that user security is not a primary goal.   And
second, we would have to agree that overall network security is not a
primary goal.   Discussing the details of how much security we are
willing to give up, what attack surfaces that we could remove we are
willing to leave in, only makes sense if we are willing to drop those
two primary goals.

Watching this conversation has been a really good learning experience
for me, so I don't regret it, but I think we should stop.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
