Re: rfc791 coming up to 40 years ... what to do (remember, celebrate, ...?)

Nico Williams <nico@cryptonector.com> Thu, 25 March 2021 21:39 UTC

Date: Thu, 25 Mar 2021 16:39:26 -0500
From: Nico Williams <nico@cryptonector.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: Michael Thomas <mike@mtcc.com>, ietf@ietf.org
Subject: Re: rfc791 coming up to 40 years ... what to do (remember, celebrate, ...?)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/PQX4l9kNA5ie1lFec3eDhOdnypQ>
List-Id: IETF-Discussion <ietf.ietf.org>

On Thu, Mar 25, 2021 at 02:22:51PM -0700, Joseph Touch wrote:
> Just wanted to know what we need to eventually fix…

It's water under the bridge.  Transport mode IPsec isn't going to take
off.  Among other things, having an out of band KE is not really a
selling point anymore -- everything uses TLS (or DTLS, or whatever) now
and that's that.

Doing cryptographic session protection closer to the application layer
won out, and always was going to because it's by far the most available,
portable, and flexible option for application developers.

Going back in time to make IPsec perfect from day one might not produce
a different result.