Re: MLS or TLS? There is more than one encryption option.

On Fri, Nov 15, 2013 at 3:18 PM, Poul-Henning Kamp <>wrote:

> In message <CAMm+LwitCMbU5Xo_fpDfjZGkZEa9H=qgoe=
> , Phillip Hallam-Baker writes:
> >Now that we are going to be going for preventing pervasive surveillance,
> I hate to be the one to bring this up, but that is not in any way
> shape or form inside the WG charter and not even remotely close to
> any concensus I can detect.
> HTTP/2.0 should, according to common sense run on any byte-pipe, or
> as the WG charter says it, somewhat more convoluted:
>         The Working Group will produce a specification of a new
>         expression of HTTP's current semantics in ordered,
>         bi-directional streams. As with HTTP/1.x, the primary target
>         transport is TCP, but it should be possible to use other
>         transports.
>         [...]
>         Explicitly out-of-scope items include:
>         * Specifying the use of alternate transport-layer protocols.
>         Note that it is expected that the Working Group will work
>         with the TLS working group to define how the protocol is
>         used with the TLS Protocol; any revisions to RFC 2818 will
>         be done in the TLS working group.
> Your proposal may be good or bad, but it is simply not the right
> place for it.

The point of bringing it up here is because the fact this option exists has
a big impact on the rationale being given for MUST USE TLS.

Where such a scheme would be specified is secondary. The point that is
relevant to this working group is that discovering what the NSA was up to
have caused some people to assert a new set of reasons for mandating TLS.

If we rule those reasons out of scope then the fact that they are better
addressed in a different approach can also be left out of scope. But if
people are going to be making the security case for weakened TLS everywhere
then they are very relevant.

There are good reasons why everyone should use strong TLS. The problem I
have with the TLS mandate is that the reasons advanced are not considered
strong enough for mandating strong TLS and so there is pressure to weaken

I do not think that the HTTP/2.0 difficulty with bypassing legacy proxies
is sufficient to justify accepting a weak TLS

I do not think that the understanding of the pervasive surveillance use
case is mature enough to mandate any particular approach yet and certainly
must not be used to justify weakening TLS.


Received on Friday, 15 November 2013 22:25:45 UTC