IETF Logo Mail Archive

Re: [IAB] IAB report to the community for IETF 103

Keith Moore <moore@network-heretics.com> Wed, 21 November 2018 14:17 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E49C126CB6 for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 06:17:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ou47bLtL0F1a for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 06:17:35 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FDE9127133 for <ietf@ietf.org>; Wed, 21 Nov 2018 06:17:35 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 8D5D221DBB; Wed, 21 Nov 2018 09:17:34 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Wed, 21 Nov 2018 09:17:34 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=K6yNgA79vs2Y2j6+ZRAPR+LkEZbMEXT38YWYOXAQB z4=; b=eN/zIm+1YSY5S4eCAjmJjMPk8RSlnh6xbtC8hDhoLG7aZnq34vNObl4IK A+wwZieTbZ+rYImi+SD4BzPNk3ETGITWSNsFzefbWtCK9RCiooEfDaeNgnPRk31v 3ZwvmLjnNa4BEjakTqFx9zE7v3D+bKuWdbD309DYdq5yc15HyFV/pTSuX7tnMc2f UtCP/XqavVrAGQuqKGF8zn/FlYa2Q/tSTbgCPJFNo/Z3zH9ZA/5AAvpc63lVVj9Q v5DzvwP1ZQ4E3OS9B3vB3j+Ubf/4o20hPE0bKz0v1bk66HIVvCN6kFiZRxf8hn96 LtUNLaBt71UC1UYW25jssPV733FIQ==
X-ME-Sender: <xms:_Wj1W9xXZDdgu1pnGAiLC_g9o5abdbu8xRHW58U55qW4aI_TEZBemA>
X-ME-Proxy: <xmx:_Wj1W0RpHgCLaRWRtGe_0XuMA7WZOH08QA2IKmrlchw6WZ37p0RwPQ> <xmx:_Wj1WyOg13MKXDbfzvLtzUFyFuHaSUTXwHdZhgwzdjx8xmbKYU68qA> <xmx:_Wj1Wyid-c8Lu0Ud9UzvBIhuqMtMmgbvPO_kC-fdX6KMTqgbRdcmCw> <xmx:_Wj1W_nAJdncKzjo0ug855xwSC5ViABLDMjq1Q_LmpYZdULPQPsZyw> <xmx:_Wj1W-gYpace9gb8B_BrfEfV-PhCHcqIDBqBKeCISiyXohCx-Sr0Hg> <xmx:_mj1W2CLK7Je0e0US5Z13ZQvhzbyeC8QrIvu1XCve20W79u3Wg6gKA>
Received: from [29.64.130.248] (ip-66-87-152-248.nsvltn.spcsdns.net [66.87.152.248]) by mail.messagingengine.com (Postfix) with ESMTPA id 731DC103E2; Wed, 21 Nov 2018 09:17:33 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail-B784EC64-1F27-4DF3-AD72-893078E1837C"
Mime-Version: 1.0 (1.0)
Subject: Re: [IAB] IAB report to the community for IETF 103
From: Keith Moore <moore@network-heretics.com>
X-Mailer: iPhone Mail (15G77)
In-Reply-To: <CAPt1N1=HEo-CwAg6dkLqjgHrUEWf57pfqb9V3tHUsCKRmonvfA@mail.gmail.com>
Date: Wed, 21 Nov 2018 09:17:31 -0500
Cc: ietf <ietf@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <924E86B0-7363-4BFF-A988-105E073A7EB5@network-heretics.com>
References: <CA+9kkMDEP-JKDwcwRMT7QUs-yQi+PsuKo22mFZxB6yKTEqTuSQ@mail.gmail.com> <6.2.5.6.2.20181111093128.0bd80f60@elandnews.com> <CA+9kkMAcJSixn2-S-OwK0tojyJLQZ=mrhr4NT7OM9+ji0vb=GA@mail.gmail.com> <3a90ee88-8801-45b7-5449-da59620c4576@network-heretics.com> <8911.1542633984@localhost> <5157400F-42D3-4F2B-BFE1-94D1E1B656E4@huitema.net> <49390263-2BE7-4EA1-B732-84AA9D873A83@nohats.ca> <396690372.6606044.1542761090230@mail.yahoo.com> <ac2cb94c-c155-d6fb-a321-f18ccd4f34e1@network-heretics.com> <CAPt1N1kc=saPbipLmnMsonzVgWQv5aQ3GDWSYCOZJA-6x+_aUQ@mail.gmail.com> <119FFF2A-598E-4EE5-9E8B-75735A4AA788@network-heretics.com> <CAPt1N1=HEo-CwAg6dkLqjgHrUEWf57pfqb9V3tHUsCKRmonvfA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/1hm7J9k_ytitmHA65MlQJSx6J2Y>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 14:17:38 -0000

I’m aware of course that such people exist.  But I think they have the burden of explaining for instance (a) even if there are legitimate reasons for third parties to access traffic, why having access to the physical media confers such legitimacy; and (b) why such access should not be engineered in such a way as to provide transparency and accountability.  

I also think it’s quite clear that some people who believe that there are legitimate use cases for eavesdropping are in fact the enemies of a free society and we do ourselves no credit to pretend otherwise.

Sent from my iPhone

> On Nov 21, 2018, at 9:01 AM, Ted Lemon <mellon@fugue.com> wrote:
> 
> With all due respect, Keith, whatever we may think of it, there are certainly people who think eavesdropping is a valid use case, and it doesn't actually serve our ability to talk about and possibly influence people who are on the fence about it if we pretend otherwise.
> 
>> On Wed, Nov 21, 2018 at 8:56 AM Keith Moore <moore@network-heretics.com> wrote:
>> Facilitating “eavesdropping “ is NEVER a valid use case.
>> 
>> Sent from my iPhone
>> 
>>> On Nov 21, 2018, at 8:47 AM, Ted Lemon <mellon@fugue.com> wrote:
>>> 
>>> I would suggest being more explicit:
>>> 
>>> TLS 1.3 [RFC8446] is intended to address the following use cases [cite use cases that do not include eavesdropping, and do include preventing eavesdropping and providing forward secrecy].
>>> 
>>> It has come to the attention of the IETF that ETSI has published a TLS 1.3 specification which addresses a different set of use cases [cite use cases].   We wish to point out that some of the use cases addressed by RFC8446 are not addressed by ETSI.   The ETSI specification should not be used in cases where addressing these use cases is required [give examples].   The IETF takes no position on whether the ETSI specification successfully addresses these use cases.   However, it definitely does not address the complete set of use cases addressed in RFC 8446.
>>> 
>>> Use of the TLS variant described in this ETSI specification was considered by the IETF and did not gain consensus.   As such, use of this variant is not recommended by the IETF.
>>> 
>>> I think publishing this as a very brief RFC would be quite appropriate.
>>> 
>>> 
>>>> On Wed, Nov 21, 2018 at 8:05 AM Keith Moore <moore@network-heretics.com> wrote:
>>>> On 11/20/18 7:44 PM, Lloyd Wood wrote:
>>>> 
>>>> >>> That belongs in the to be written RFC "ETSI extensions to TLS considered harmful".
>>>> >>> Of course, we may debate whether we want to publish such RFC.
>>>> >
>>>> > Perhaps a more general 'Security protocols designed by any other
>>>> > organisations considered harmful' is the way to go.
>>>> 
>>>> I doubt that such a direction would enhance our reputation or that of 
>>>> our documents.   I'd much rather see us make specific technical 
>>>> arguments, e.g.
>>>> 
>>>> - If an IETF RFC cites TLS x.y, that citation only applies to TLS x.y as 
>>>> published by IETF, not some other *TLS published by some other 
>>>> organization.   Just because something else is named *TLS doesn't mean 
>>>> it's secure or an acceptable substitute, especially when some of them 
>>>> have deliberately been made in such a way as to compromise the users' 
>>>> security.
>>>> 
>>>> - If one party to a connection discloses the information in the 
>>>> connection to a third party, whether by choice or to meet some 
>>>> organizational or legal requirement, that's their business and IETF 
>>>> isn't questioning that.  But intercepting the traffic at the IP layer is 
>>>> not a good way to implement such disclosures for several reasons - e.g. 
>>>> it effectively constrains the applications to only work over particular 
>>>> network segments, which harms the flexibility of the Internet as a 
>>>> general-purpose communications fabric; it discourages transparency and 
>>>> accountability that such record-keeping should require; etc.   (It's not 
>>>> the record-keeping that's being questioned; it's the very notion that 
>>>> packet interception is a suitable way to accomplish that.   Packet 
>>>> interception is a poor architectural choice, and yes that includes 
>>>> deep-inspecting firewalls and monitors.)
>>>> 
>>>> - For similar transparency arguments a communications protocol that is 
>>>> designed to effectively appear as TLS to the endpoints and/or its users, 
>>>> but which lacks the end-to-end confidentiality properties of TLS, should 
>>>> be discouraged by every means available.
>>>> 
>>>> - The introduction of TLS variants that are designed to leak private 
>>>> information seems likely to introduce yet another destructive tussle, as 
>>>> privacy-conscious users try to determine whether their hosts and 
>>>> applications are leaking their information, while the spooks try to 
>>>> evade such detection.   (Yes I'm aware that some such proposals provide 
>>>> explicit information to their endpoints.)
>>>> 
>>>> etc.
>>>> 
>>>> Keith
>>>> 
>>>>

v2.23.0 | Report a Bug | By Email