Re: [dtn] TCPCLv4 comments

"R. Atkinson" <rja.lists@gmail.com> Wed, 29 March 2017 14:02 UTC

From: "R. Atkinson" <rja.lists@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 29 Mar 2017 10:02:54 -0400
To: dtn@ietf.org
Message-Id: <B12E55E1-5073-4A3B-98A5-8F0647B96101@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/QypU59RpbAHWTPZ0hfvssfF6zAQ>
Subject: Re: [dtn] TCPCLv4 comments
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 14:03:00 -0000

>  - I am absolutely fine with making TLS mandatory (my own use of TCPCL is to always require TLS),
> as it would simplify logic. Some may dislike this, but if it's easier for approval then I would prefer that.
> There would be no prohibition from somebody implementing a "TCPCLv4 without TLS" as a
> separate thing for closed networks.

The text quoted above is ambiguous, so I can’t figure out what it means.


The IETF has for about 30 years now taken 2 complementary positions on security:
  A.  Security has to be specified and Security has to be “MUST implement”, so that it is available to use in all shipping products.
  B.  Security is OPTIONAL to deploy/use and this is left as a decision for the network operator or user.


The IETF generally avoids telling operators what they have to do.  Yes, we do have a growing
number of “Best Current Practice (BCP)” documents, but that is in the category of strong advice,
rather than a standards mandate.

I concur with the long-standing IETF position on security.

So in the context of TCPCL, I believe it is very important for TLS to be “MUST implement”,
but I object to any notion that EITHER “standards-compliant deployments” OR “interoperable
deployments” MUST deploy/use TLS.

In short, it needs to be possible to interoperate fully, whether or not one happens
to *use* (“deploy”) TLS for a particular TCPCL session.

Yours,

Ran
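The "MUST implement, optional to use" split argued in this message maps directly onto how a TCPCL node decides whether a session gets TLS. The following is an added illustration, not code from this thread or from any TCPCL implementation: it models TLS as always implemented (a node can always advertise the capability) while whether a particular session uses TLS is decided by contact-header negotiation plus a local operator policy knob. The contact-header layout it assumes (magic `dtn!`, a version byte of 4, a flags byte whose low bit is `CAN_TLS`) is taken from the published TCPCLv4 specification (RFC 9174); it is an assumption that this matches the 2017 draft under discussion, and the `Policy` class and `negotiate` function are hypothetical names chosen for the example.

```python
"""Added example (not part of the mailing-list message or any TCPCL code).

Models the distinction between *implementing* TLS (every compliant node can
advertise CAN_TLS) and *using* TLS on a given session (negotiated per session,
with the operator deciding whether plaintext sessions are acceptable).

Assumed contact-header format, per RFC 9174 (assumption: the 2017 draft may
differ): 4-byte magic "dtn!", 1-byte version (4), 1-byte flags (bit 0 = CAN_TLS).
"""
import struct
from dataclasses import dataclass
from typing import Tuple

MAGIC = b"dtn!"
VERSION = 4
CAN_TLS = 0x01  # flags bit 0: this node is able to negotiate TLS


def build_contact_header(can_tls: bool) -> bytes:
    """Serialize the contact header a node sends when a TCP connection opens."""
    flags = CAN_TLS if can_tls else 0
    return MAGIC + struct.pack("!BB", VERSION, flags)


def parse_contact_header(data: bytes) -> Tuple[int, int]:
    """Validate the magic and version, returning (version, flags)."""
    if len(data) < 6 or data[:4] != MAGIC:
        raise ValueError("not a TCPCL contact header")
    version, flags = struct.unpack("!BB", data[4:6])
    if version != VERSION:
        raise ValueError("unsupported TCPCL version %d" % version)
    return version, flags


@dataclass(frozen=True)
class Policy:
    """Local node settings (hypothetical names for this example).

    offer_tls   -- the 'MUST implement' half: a compliant node always has TLS
                   available and normally advertises it.
    require_tls -- the 'optional to deploy' half: an operator choice to refuse
                   any session that would not be protected by TLS.
    """
    offer_tls: bool = True
    require_tls: bool = False


def negotiate(local: Policy, peer_header: bytes) -> str:
    """Decide the outcome of a new session: 'tls', 'plain' or 'reject'.

    TLS is used only when both sides advertise CAN_TLS.  A node whose operator
    requires TLS rejects sessions that would otherwise fall back to plaintext;
    everyone else interoperates in the clear, as the message above argues a
    standards-compliant node must be allowed to.
    """
    _, peer_flags = parse_contact_header(peer_header)
    peer_can_tls = bool(peer_flags & CAN_TLS)
    use_tls = local.offer_tls and peer_can_tls
    if local.require_tls and not use_tls:
        return "reject"
    return "tls" if use_tls else "plain"


if __name__ == "__main__":
    # Constructed peers: one that advertises TLS, one (closed-network style) that does not.
    tls_peer = build_contact_header(can_tls=True)
    plain_peer = build_contact_header(can_tls=False)
    for policy in (Policy(), Policy(require_tls=True)):
        for name, hdr in (("tls-capable peer", tls_peer), ("plaintext-only peer", plain_peer)):
            print("%-32s %-20s -> %s" % (policy, name, negotiate(policy, hdr)))
```

The default `Policy()` is the position taken in the message: TLS is implemented and offered, but a peer that does not (or cannot) use it still gets an interoperable plaintext session. Setting `require_tls=True` is the "always require TLS" deployment the quoted reply describes, expressed as an operator decision rather than a protocol mandate.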