Re: [E2ee] Thoughts on draft-knodel-e2ee-definition

Olaf Kolkman <kolkman@isoc.org> Thu, 04 November 2021 08:22 UTC

From: Olaf Kolkman <kolkman@isoc.org>
To: Mallory Knodel <mknodel@cdt.org>
Cc: Adrian Farrel <adrian@olddog.co.uk>, e2ee@ietf.org
Date: Thu, 04 Nov 2021 09:21:43 +0100
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <3113AFC2-7D2F-4A4B-B1D0-47C9AF29CBAF@isoc.org>
In-Reply-To: <AF2E748D-00FC-4627-85B3-A45DBE910814@isoc.org>
References: <0311a1ff-8ff9-d50f-db51-b6a4ca5e521c@cdt.org> <82e7cf51-e53c-f01f-ffc3-db4d8197032a@cdt.org> <AF2E748D-00FC-4627-85B3-A45DBE910814@isoc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/e2ee/nWnbNTiqBPYYasSDarRgPIfV6O8>


> On 19 Oct 2021, at 17:35, Mallory Knodel wrote:
>
> […]
>>> 2. You are, I think, missing the concept of tunnels. Tunnels have ends.
>>> Tunnels are used to carry trusted traffic over untrusted environments.
>>> Tunnels have "users" that are normally processes. Encryption on tunnels is
>>> hugely important to how the Internet works. Now, that may not be what you
>>> want to talk about in your document, and that's OK, but the feel (partly by
>>> you talking about end-to-end, and partly by the long preamble about BGP in
>>> 2.1) is that it is in scope.
>>
>> Wondering if Fred or Olaf could jump in? I think I would say tunnels 
>> are indeed out of scope because it's transport encryption, but you're 
>> right that we talk about BGP. It's only in an attempt to elucidate 
>> the end point and e2e principle.
>>
>> Thoughts from my co-authors on squaring this circle?
>>
>
> I think you can reference tunnels in section 2.2 as a negative 
> example.
>
> For instance (addition in italic)
>
> These end points may then be considered acceptable sub-identities 
> provided that no path between the end identity and sub-identity is 
> accessible by any third party.  _For instance, the common VPN business 
> model whereby a TLS or an IPsec tunnel terminates at a VPN service 
> provider from which the traffic is then forwarded to its destination 
> does not qualify_.
>

Maybe add that the path between the VPN termination point and the final 
destination is accessible to third parties - that is the point I want to 
make. There is of course a tension in this example that the VPN service 
itself (or any other partial tunnel) does satisfy the expectations.

—Olaf