Re: [IAB] IAB report to the community for IETF 103
Keith Moore <moore@network-heretics.com> Wed, 21 November 2018 13:05 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF6F1292AD for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 05:05:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S2ubRZP8Xw7p for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 05:05:21 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD858128CE4 for <ietf@ietf.org>; Wed, 21 Nov 2018 05:05:20 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id C1D1621C1B; Wed, 21 Nov 2018 08:05:19 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Wed, 21 Nov 2018 08:05:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=8uTkjtMzvBZEFfB4783tG66kcHyGUJHbTIVHjxH+I w8=; b=of+y1TQLvDE9muyBZ+oRaMasTfUm4MwSLIhXXhXdTQPeHEhzY0OmTdcMB rYeNBHQemvidJJmsJs2/e2HxkgazuqQwtO7jXppDr67rPNOJ7U3a7kEkPkxCg5db /tCNgPHV09sM+wdZznw1WabRBz5QiZ++1m/Avqpztfm/xx0BDLTzUYRdlu8kFiHu cddajVv77ZW/SedlgTvKK1C22BWAxOsNYr/WMOnd7wqoY1w3GOUtp7cXLmi6xCnV yv9sBTD3MDprwnbcXFBYLrT+N+gxd3/1hSerxhZ2ToXBjPwhth9PHcn6WD4X+fzy SPZM5bL6XQ3OhkojFqgu3qQoL0ezQ==
X-ME-Sender: <xms:D1j1W0Ojb_VXKyHzVI_oSNYPQjavTHTFQ_nt2EJCB3wc3SNCk3FkkA>
X-ME-Proxy: <xmx:D1j1W8ItHCzExdo5udW65FVfX1Dc4YCZt40VJF8ms7wM_KqHfSUrOA> <xmx:D1j1W33ajW6T3nYMuLhOC9yveQKVicIFHeYAQiBDYMmyIq-prq5luw> <xmx:D1j1W4U6Wlp_LFI3kmW_gvYKdZaokfV5gMCn6KFz8Xn9zKzfuvuPxQ> <xmx:D1j1W1jH_sBa9DfqM50Q1OkdbfYL0NeNOp8XqUaYv9NV8YyiMser_Q> <xmx:D1j1W5tebMreBzUtkNpG8kNtnod4AuGfksB2CGjkdDGq8mlfdiHqcA> <xmx:D1j1W4P_jMGb-pI4J95ZOmXsR4nLX6aT9J2IlgEkECzY0NxdfZCvUQ>
Received: from [192.168.1.66] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id AEE87E46B7; Wed, 21 Nov 2018 08:05:18 -0500 (EST)
Subject: Re: [IAB] IAB report to the community for IETF 103
To: ietf@ietf.org
References: <CA+9kkMDEP-JKDwcwRMT7QUs-yQi+PsuKo22mFZxB6yKTEqTuSQ@mail.gmail.com> <6.2.5.6.2.20181111093128.0bd80f60@elandnews.com> <CA+9kkMAcJSixn2-S-OwK0tojyJLQZ=mrhr4NT7OM9+ji0vb=GA@mail.gmail.com> <3a90ee88-8801-45b7-5449-da59620c4576@network-heretics.com> <8911.1542633984@localhost> <5157400F-42D3-4F2B-BFE1-94D1E1B656E4@huitema.net> <49390263-2BE7-4EA1-B732-84AA9D873A83@nohats.ca> <396690372.6606044.1542761090230@mail.yahoo.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <ac2cb94c-c155-d6fb-a321-f18ccd4f34e1@network-heretics.com>
Date: Wed, 21 Nov 2018 08:05:17 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <396690372.6606044.1542761090230@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3joP1HJ2sO3kGKzA0GbqcbPJObE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 13:05:22 -0000
On 11/20/18 7:44 PM, Lloyd Wood wrote: >>> That belongs in the to be written RFC "ETSI extensions to TLS considered harmful". >>> Of course, we may debate whether we want to publish such RFC. > > Perhaps a more general 'Security protocols designed by any other > organisations considered harmful' is the way to go. I doubt that such a direction would enhance our reputation or that of our documents. I'd much rather see us make specific technical arguments, e.g. - If an IETF RFC cites TLS x.y, that citation only applies to TLS x.y as published by IETF, not some other *TLS published by some other organization. Just because something else is named *TLS doesn't mean it's secure or an acceptable substitute, especially when some of them have deliberately been made in such a way as to compromise the users' security. - If one party to a connection discloses the information in the connection to a third party, whether by choice or to meet some organizational or legal requirement, that's their business and IETF isn't questioning that. But intercepting the traffic at the IP layer is not a good way to implement such disclosures for several reasons - e.g. it effectively constrains the applications to only work over particular network segments, which harms the flexibility of the Internet as a general-purpose communications fabric; it discourages transparency and accountability that such record-keeping should require; etc. (It's not the record-keeping that's being questioned; it's the very notion that packet interception is a suitable way to accomplish that. Packet interception is a poor architectural choice, and yes that includes deep-inspecting firewalls and monitors.) - For similar transparency arguments a communications protocol that is designed to effectively appear as TLS to the endpoints and/or its users, but which lacks the end-to-end confidentiality properties of TLS, should be discouraged by every means available. - The introduction of TLS variants that are designed to leak private information seems likely to introduce yet another destructive tussle, as privacy-conscious users try to determine whether their hosts and applications are leaking their information, while the spooks try to evade such detection. (Yes I'm aware that some such proposals provide explicit information to their endpoints.) etc. Keith
- IAB report to the community for IETF 103 Ted Hardie
- Re: IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Ted Hardie
- Re: [IAB] IAB report to the community for IETF 103 Martin Thomson
- Re: [IAB] IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Christian de Larrinaga
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- Re: [IAB] IAB report to the community for IETF 103 Christian Huitema
- Re: [IAB] IAB report to the community for IETF 103 Benjamin Kaduk
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- "Re: [IAB] IAB report to the community for IETF 1… Stephen Farrell
- Re: "Re: [IAB] IAB report to the community for IE… Lloyd Wood
- Re: [IAB] IAB report to the community for IETF 103 Paul Wouters
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Lloyd Wood
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Ted Lemon
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Ted Lemon
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- Re: [IAB] IAB report to the community for IETF 103 Eric Rescorla
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Patrik Fältström
- Re: [IAB] IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Stephen Farrell
- Re: [IAB] IAB report to the community for IETF 103 Eric Rescorla