Re: [98attendees] Tussle issue in plenary
"Vinicius Fortuna [vee-NEE-see.oos]" <fortuna@google.com> Fri, 31 March 2017 16:38 UTC
Return-Path: <fortuna@google.com>
X-Original-To: 98attendees@ietfa.amsl.com
Delivered-To: 98attendees@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DFB91294BF for <98attendees@ietfa.amsl.com>; Fri, 31 Mar 2017 09:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-wIwGMR-Ge7 for <98attendees@ietfa.amsl.com>; Fri, 31 Mar 2017 09:38:13 -0700 (PDT)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6479D129474 for <98attendees@ietf.org>; Fri, 31 Mar 2017 09:38:13 -0700 (PDT)
Received: by mail-wr0-x22e.google.com with SMTP id w43so110626771wrb.0 for <98attendees@ietf.org>; Fri, 31 Mar 2017 09:38:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=NLjwgXv4f8PXAT0e5AzEhp8u6UZF3YOHBLutc3muNXY=; b=tZsiih45oM40DfxwFkf9tHwwJZuuNWj7omWOlNzATvjCoYvk8QGOo5AgxTev3NbuZ8 Tstye3G/mqyMWVEGlTH+a21x20E1voPgY1t0YKqwaMScrpeFv4O/yh1aqPWQBKS0DR/e 5XUK5DJMO6ETuozsCbBQMFJnUP1QozcVuK/U8LXDCnHWd7/nR2M7Azawo2S7kZeXBLTZ gOqRJ2wliqdg5d91W1G3oHc3fTJ+9FHkEVXeSXdLL3+NDLPYg1PBpfELhwBib3Xf9OL3 BCxbDid2K509JYSSux0/Lix4+Kqu8J3Aoc4bqcowwfPl+PeU3cLzssxRtMAhOD3kZ50s pnTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=NLjwgXv4f8PXAT0e5AzEhp8u6UZF3YOHBLutc3muNXY=; b=lHE7mb5hQi9zQFdpwY5oz/64YjcfC9suWePJmx+SfJ7y0pfNaAYh1ZK+I8Aoj/Etmw eOXJ1TOgql4P0vVkNphtaBsxTPkGIPHTZGrHr8ZSIa4QlReNPUGVeKU88kVELWzIrY37 g1xmw22LWpADo3FMOuRyFIWuFLOyMKq157FeWnFqK7a94ArKQT921Ny0rkWwKi/IfpHo UZt8Kv5UuiYH4ciaEUsoGBySjieEGHwahLe7NDdfF9ofQqHGKTYva8Jp6igzs3swIWCu ci9CuNUjjkmiYocN5KnVwhPyoSd6Iy0vrwGhodUBWf72kNtLAylGxL36MgY4wvxkF2lh tgIw==
X-Gm-Message-State: AFeK/H3KITXeU+TXOpEXCqLllYRDzuyEFubTN+RqwQuAjfkyKPaCFUHqywMsWaOwYxdds4HRc50FfiycfeEBV5Ve
X-Received: by 10.223.164.6 with SMTP id d6mr3927745wra.132.1490978291717; Fri, 31 Mar 2017 09:38:11 -0700 (PDT)
MIME-Version: 1.0
References: <tencent_4BA31A857FEA40E27003B548@qq.com> <1490942587.113767.929512208.3648B1DF@webmail.messagingengine.com> <2440f643-2a9a-f205-37be-398aa650eb58@cs.tcd.ie>
In-Reply-To: <2440f643-2a9a-f205-37be-398aa650eb58@cs.tcd.ie>
From: "Vinicius Fortuna [vee-NEE-see.oos]" <fortuna@google.com>
Date: Fri, 31 Mar 2017 16:37:59 +0000
Message-ID: <CAJVAGYgjZb_dCMZ=1KoL4Ypg5zt3WiNCKgs=mHzjH3WvVsfHJQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Bron Gondwana <brong@fastmail.fm>, 98attendees@ietf.org
Content-Type: multipart/alternative; boundary="f403045f1388728b39054c096ff1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/98attendees/xny-nsHC1ot7C0yOR99P_663pGw>
Subject: Re: [98attendees] Tussle issue in plenary
X-BeenThere: 98attendees@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Mailing list of IETF 98 attendees that have opted in on this list." <98attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/98attendees>, <mailto:98attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/98attendees/>
List-Post: <mailto:98attendees@ietf.org>
List-Help: <mailto:98attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/98attendees>, <mailto:98attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 16:38:16 -0000
If two parties want and explicit opt to add a third party to their communication, the network should allow them to do it. If we can do it without enabling undesired interception, that's a better and safer network than what we have. It enables the "tussle" that David Clark and others talk about <http://david.choffnes.com/classes/cs4700fa14/papers/tussle.pdf>. It's well known that the existing means for third-parties to add functionality to encrypted channels significantly reduces security. Examples: - https://zakird.com/papers/https_interception.pdf - https://www.ftc.gov/system/files/documents/public_comments/2016/09/00019-129028.pdf That's very different from undesired interception. Whether previous proposals were bad, that's not a reason to give up. There are so many brilliant people at IETF that I'm sure a good solution can be achieved. But that cannot happen if the attitude is to dismiss attempts without even talking. Stephen refers to previous discussions. Has any working group ever created a document that analyzes and formalizes the arguments for and against adding third-parties to private conversations? Maybe that's something that should precede any proposal to solve the problem. A statement of security and privacy requirements should help too. Vinicius Fortuna On Fri, Mar 31, 2017 at 9:39 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 31/03/17 07:43, Bron Gondwana wrote: > > And the idea of a TLS connection that negotiates in a third party with > > rights to watch or even alter traffic in a standard way sounds better to > > me than an interception box that terminates your connection with their > > own cert that you are required to add to your browser, and then makes an > > additional connection onwards: > > Yuk. Been debated and failed. Proposals were made and turned > out crap. We shouldn't go there. > > Please check the archives of httpbis, tls and saag for those > recurring discussions before proposing something. > > S. > > _______________________________________________ > 98attendees mailing list > 98attendees@ietf.org > https://www.ietf.org/mailman/listinfo/98attendees >
- [98attendees] Tussle issue in plenary Davey
- [98attendees] Ethics and compassion//Re: Tussle i… Xiaohong Deng
- [98attendees] Lost: Men's Ring and Bison; Found: … David C Lawrence
- Re: [98attendees] Tussle issue in plenary Bron Gondwana
- Re: [98attendees] Tussle issue in plenary Michael Richardson
- Re: [98attendees] Tussle issue in plenary Stephen Farrell
- Re: [98attendees] Tussle issue in plenary Vinicius Fortuna [vee-NEE-see.oos]
- Re: [98attendees] Tussle issue in plenary Stephane Bortzmeyer