Replying to just a couple of bits...

On 25/10/17 15:23, David A. Cooper wrote:
> Similarly, the best that TLS can offer in terms of privacy is that the
> contents of the communication between the two endpoints is not seen by
> anyone else *unless* at least one of the two endpoints (client or
> server) chooses to provide the contents of the communication to some
> other entity. draft-rhrd-tls-tls13-visibility doesn't change that.

The above is nonsense. The draft in question clearly proposes fundamentally changing the feature set of TLS to include snooping as a standard, supported feature.

> But, I'm tired of the abusive
> and false suggestions that draft-rhrd-tls-tls13-visibility is a
> "wiretapping" draft or that it is defining a "please-screw-me
> extension."

Abusive of what/whom?

The truth or falsity of the wiretapping description is a matter for debate. (Russ' argument that these are not wiretapping features is one I find to be lawyerly nit picking based on a partial reading of 2804, but I believe he does believe that.)

I'm fine that you ignore that there are other opinions. I also don't really care if the proponents of snooping as a standard feature get tired of their ideas being criticised to be honest. I am, and will remain, available to offer such criticism.

And FWIW, I consider the use of euphemisms like "passive" or "visibility" here to be deceptive. Perhaps not deliberately deceptive, (I'm not saying the authors of the draft are trying to deceive), but nonetheless I find such abuses of language far more irritating than the occasional bit of robustness in debate. Such euphemisms are also more long-term damaging IMO.

This draft and the one before it are proposing supporting an active attacker in the middle of TLS sessions and that is how we ought be discussing this, not as some pretend passive good-natured observer capability.

S.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls