Re: Quic: the elephant in the room
Michael Thomas <mike@mtcc.com> Sun, 11 April 2021 15:28 UTC
To: ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/bDqY5UpIqynLMqFJfFn5m9Pj6qA>

On 4/11/21 7:56 AM, Phillip Hallam-Baker wrote:
> On Sun, Apr 11, 2021 at 12:36 AM Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>
> > On Sun, Apr 11, 2021 at 12:20:28AM -0400, Phillip Hallam-Baker wrote:
> >
> > > Only VERIFYING digital signatures provides security. And nobody knows what
> > > to do when DNSSEC validation fails so nobody really does it
> >
> > This is false both in premise and conclusion. I was tempted to ignore
> > the rest of the post, but ...
>
> If nobody is ever going to check the sigs, they could simply be random bytes.
>
> I had a PGP sig on some of my USENET posts for a while. Nobody ever checked
> it and nobody ever noticed it was a static sig that never changed.

If Google implemented DANE in Chrome, that's who checks. It's really that simple.

> To justify the deployment of a new infrastructure, I do have to show that
> backporting is infeasible. I have paid particular attention to the reason for
> the failure of DNSSEC and DANE precisely because I want to understand what
> the criteria are for success.

My take is that the reason for lack of uptake is that they are viewed as essentially superfluous. The same thing happened to SCTP as it was painful to get kernel adoption and firing up multiple TCP streams was a good enough bandaid. Then Quic came around with the goal of greatly reducing the setup time and finally fixing HoL blocking, and also learning that external dependencies are a good route to /dev/null.

Google and others are completely at liberty to finish the job with Quic by adopting DANE and finally get back to a 3 way handshake (on average or possibly always). And they don't need to ask your, my, or anybody else's opinion on the matter which is a Good Thing.

Mike