IETF Logo Mail Archive

Re: [dispatch] DISPATCH IETF 111 meeting - preliminary outcomes and draft minutes

Richard Barnes <rlb@ipv.sx> Wed, 28 July 2021 17:59 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B19E3A0C3E for <dispatch@ietfa.amsl.com>; Wed, 28 Jul 2021 10:59:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gwp5McNkvlau for <dispatch@ietfa.amsl.com>; Wed, 28 Jul 2021 10:59:24 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCC933A1A66 for <dispatch@ietf.org>; Wed, 28 Jul 2021 10:59:23 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id d9so1957261qty.12 for <dispatch@ietf.org>; Wed, 28 Jul 2021 10:59:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9+L6PdEN/QDr2AVVnQP7nigSvU5aZAB32oBaSknr6E4=; b=FPCRJHAjCCutn2JVLWsqKe0dt0uNsn3HqeZvmgoRFDsI/jQVQOpXr0yvh8Cn2zckoJ zDwep42d8cuRXCszczLCYxocLRTq3wjUBcw1PTEZwuEHHFFv8hjBOUphAbzsrDQMB2IK CKAlVIIJxcVZ9Y3YX3q5kMzzBAXcZgnIcshgcLfMUAqKZnO4qld6kjyKi34MdmzRwEeC vTbiCjBeQrYr3InB35IrncGEfej0kkBbaBYS9ib0A+eYGpXYhJPvonb9gNfUmAZyq6nG I7q9tnrnV/nB+tWEuUaiPJG0X9diOxnkjfjHejF/jM4ncvXOQdxqiHftN06L3JJqmqaU 9FeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9+L6PdEN/QDr2AVVnQP7nigSvU5aZAB32oBaSknr6E4=; b=bcg1P67l+MiTahtnEGSqlX1a9jphS4i/0dVUKuZhKAmIjN83fYePgvfrIAFE1zaCCb 9X4gqCNmkkNlhxhqffoyuIrF9ybJE4WJ3ewTw/6zILHmtPRYZN6qCd5HA3Z/v3W2qNYB 3fULTgq06Ro8gHzXtnHTxAQhtgqqydvo6CteM43pYLmwjtmzGU+KUR3iDq9sFY4FZsfh XnKaREB3m3J3Aq/VdHNmKYHiJEtDhOuDzbJn7mlrrEh3QK15pS1b111XVvzw+uvtK7w8 wkBI5rpIhkBPWJgi/ccX/qnHOo7FS/OT4RSbYg42HrBGvBkbKXngjZ42ySVonkBQfceb V1DA==
X-Gm-Message-State: AOAM5313NbCYcpQjp8/e96pIeYWsQBqupw39NitEw28rtZ+k+dv5/NqM kOC3CeHrdu0FTv7FrMaxARy4rXWAgOpOv3RxKb28CvG5U0g=
X-Google-Smtp-Source: ABdhPJzBm0ONa3HngYAalZCorZAg24GFFEoiJ0xy1/k48corg17ZZn7SR6KJdLvoHeKC2p1ly9C37vm12FBiUHSFC/Y=
X-Received: by 2002:ac8:6e9c:: with SMTP id c28mr748977qtv.84.1627495161313; Wed, 28 Jul 2021 10:59:21 -0700 (PDT)
MIME-Version: 1.0
References: <HE1PR0701MB30504412F0FCC7C14E2D504289E99@HE1PR0701MB3050.eurprd07.prod.outlook.com> <CAL02cgTbvk4ns8PxX_h0UuuGMUZ1g-YyuyWy=QR56RwzcHXPmQ@mail.gmail.com> <CABcZeBP2B7OHUunMiZa9a96axqO2h52XFrnbXk8x7MD=+Wz+RQ@mail.gmail.com>
In-Reply-To: <CABcZeBP2B7OHUunMiZa9a96axqO2h52XFrnbXk8x7MD=+Wz+RQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 28 Jul 2021 13:59:08 -0400
Message-ID: <CAL02cgTVkb2rrEAS9HTEs3WvWTGScYUf-yh6aHz9EKFPs0UBGQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "dispatch@ietf.org" <dispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f6d53f05c832be3e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/N7PK3z-HAjdeQ9eZdcwrvz-B6kw>
Subject: Re: [dispatch] DISPATCH IETF 111 meeting - preliminary outcomes and draft minutes
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2021 17:59:37 -0000

On Wed, Jul 28, 2021 at 1:32 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
>> So if folks want to make a bigger, scarier warning label to put on SDES
>> to guide people away from it, sure, fine.  But it doesn’t seem like a
>> blaring red warning light is called for.  In terms of this document, the
>> content is probably mostly OK if we reframe it in that light.  Obsoleting
>> SDES and marking it Historic, though, is over the top; it will just create
>> unnecessary consternation.
>>
>
> I'm not really following your argument here. We all agree that (1) SDES is
> bad (2) We have better alternatives in the form of DTLS-SRTP and
> (eventually) MLS-SRTP. So, precisely what harm is it doing to tell people
> that and that they shouldn't use SDES in favor of that. "consternation" is
> not a real harm.
>

We agree with regard to the future.

What are operators of existing systems using SDES supposed to take away
from this?  This is not like say the SSLv3 deprecation where we had new
data (POODLE) that changed the posture of these systems.  Systems based on
SDES are as secure / insecure as they ever were.  So what I'm worried about
is (a) the IETF looking alarmist for marking a bunch of things insecure
that are actually fine, and (b) to the degree the deprecation is taken
seriously, creating a bunch of work to upgrade from SDES to a flavor of
DTLS-SRTP that is not enough better to merit the effort.

--Richard



>
> -Ekr
>
>
>> --Richard
>>
>> On Tue, Jul 27, 2021 at 7:08 PM John Mattsson <john.mattsson=
>> 40ericsson.com@dmarc.ietf.org> wrote:
>>
>>> westhawk thp@westhawk.co.uk wrote:
>>>
>>>
>>>
>>> >> On 26 Jul 2021, at 23:30, Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org> <&lt;Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org&gt;> >wrote:
>>>
>>> >>
>>>
>>> >> SDP Security Descriptions is NOT RECOMMENDED and Historic: consensus was >sub-optimal. There was support for revisiting the space currently standardised >by SDP, but not on direction (whether to do a deprecation with/without >replacement). Future paths suggested included: mmusic, a new WG, more work >required for it to be ready, or a BoF (said in chat) to vet the idea further.
>>>
>>> >My sense is that there was a rough consensus around a goal to make it possible >to deprecate SDES - but the required steps were unclear.
>>>
>>>
>>>
>>> Yes, looking at the Jabber log there was quite strong support for the
>>> goal of deprecating SDES:
>>>
>>>
>>>
>>> Eric Rescorla: Let's all just agree that this (Mattson's SDES) draft is
>>> a good idea and promote it to full standard toda
>>> Martin Thomson: now that I see John presenting this, I have to wonder:
>>> why didn't this deprecation happen before?
>>> Sean Turner: When Dan Wing got up and said not to use SDES in Berlin - I
>>> assumed that was that ;)
>>> Pete Resnick: Why "NOT RECOMMENDED" instead of "MUST NOT"?
>>> Sean Turner: +1 to what ekr said
>>> Rich Salz: +1 also
>>>
>>>
>>>
>>>
>>>
>>> Regarding the next required steps I agree with Pete. Let’s charter.
>>>
>>>
>>>
>>> Ben Kaduk: So is this dispatch to BoF, or straight to WG?
>>>
>>> Pete Resnick: @ben: Sounds like this discussion has done the equivalent
>>> of BoFing. Charter.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> John
>>> _______________________________________________
>>> dispatch mailing list
>>> dispatch@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dispatch
>>>
>> _______________________________________________
>> dispatch mailing list
>> dispatch@ietf.org
>> https://www.ietf.org/mailman/listinfo/dispatch
>>
>

v2.23.0 | Report a Bug | By Email