Re: TLS on disconnected/intermittently connected networks

Keith Moore <moore@network-heretics.com> Fri, 05 March 2021 00:53 UTC

Subject: Re: TLS on disconnected/intermittently connected networks
To: ietf@ietf.org
References: <20210302010731.GL30153@localhost> <0632b948-9ed1-f2bd-96da-9922ebb2aa60@mtcc.com> <YECpybvczdbKHvHx@puck.nether.net> <CAMm+LwiiySi5O1_WDc4-F9x1XfMFFvE-rEbc4uw+31DHJNEHEA@mail.gmail.com> <3f4db10c-dd92-354b-4fc9-6f14f4383454@network-heretics.com> <809967EB-F315-48D9-A301-73DFA4212FDE@dukhovni.org> <f9ad3bdd-3768-8c5f-a98c-73249f9a5ac3@network-heretics.com> <tsleegufxpl.fsf@suchdamage.org> <fcd8515f-5ccf-49ef-2fb5-fbbe57c6349f@network-heretics.com> <tsla6rifugq.fsf@suchdamage.org> <0c4d908f-9d27-361c-9171-29b5d86d7b8d@network-heretics.com> <fcb9da53-ad39-8d08-9757-bdbf4348ae5c@mtcc.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <8486fc65-9080-9e27-3659-f8cf9d8439d3@network-heretics.com>
Date: Thu, 4 Mar 2021 19:53:51 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
MIME-Version: 1.0
In-Reply-To: <fcb9da53-ad39-8d08-9757-bdbf4348ae5c@mtcc.com>
Content-Type: multipart/alternative; boundary="------------2A1C7BF4A7BECBEAC8CB6C9E"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/4IL5AWpfEg4e6FWS6VO2agU6KuM>
List-Id: IETF-Discussion <ietf.ietf.org>

[private reply]

On 3/4/21 7:51 PM, Michael Thomas wrote:
>> Glad we agree on that.  I only wrote it because lots of IETF people 
>> who might respond to this thread seem to insist that part of the 
>> right solution is for all of these networks to connect to the public 
>> Internet, perhaps through a firewall, so that they can query the 
>> public DNS, and get firmware updates and root cert updates along with 
>> those, perhaps CRLs also.
>
> Not sure who this strawman is aimed at, but if it's me you're way off 
> the mark.

Nope, not you.