Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 21 August 2014 12:24 UTC
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eEeVVFSHQmhdfu4b94eOIn3V-IY
Cc: Dave Crocker <dcrocker@bbiw.net>, IETF Discussion Mailing List <ietf@ietf.org>
On Thu, Aug 21, 2014 at 7:07 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
> Dave,
>
> I expect we are not going to agree on this, but that's fine.
>
> On 21/08/14 02:45, Dave Crocker wrote:
>> On 8/20/2014 6:18 PM, Stephen Farrell wrote:
>>> Personally, I think the probability that we suddenly discover any
>>> significantly better term is negligible. Not because OS is
>>> super-good, but rather because nothing is super-good. And
>>> good-enough should be good-enough here.
>>
>> While there has been repeated, quick dismissal of alternative terms, I
>> don't recall seeing a careful consideration of candidates, with a clear
>> explanation for the choice(s) made, making clear why it is better (or
>> why its deficiencies are less onerous than those of the alternatives.)
>
> That happened on the saag list before the start of IETF LC.
> There are quite a few substantive threads on it, I think
> the first goes back on March 6th this year started by PHB. [1]
>
> [1] https://www.ietf.org/mail-archive/web/saag/current/msg04604.html

And in that message PHB presciently wrote:

"There are arguments for all of these but I am just watching a presentation on 'opportunistic encryption' in DANE and I think the term is selling DANE short. DNS is an authoritative path for statements about DNS labels. Ergo authenticated DNS RRs are authenticated statements about them. DANE provides authenticated statements about security policy and keys. Ergo DANE cannot support opportunistic encryption because it is policy directed encryption (i.e. better)."

With all due respect [1], I don't think this effort is helping the goal of getting encryption deployed and used. 'Pragmatic Security' is a much better term for what we should do, which is to act on the best available information.
We have a collection of policy inputs:

* The https URI prefix means 'use http over TLS'
* Presence of a DANE record means 'use TLS with key matching these criteria'
* Protocol headers can be defined to mean 'use TLS'
* Manual user config

We have a variety of key publication mechanisms:

* Self signed cert
* ...
* Extended Validation Web PKI certificate

So pragmatic security means 'act on the best available intel'. Using the term 'opportunistic security' does not help because I am not interested in opportunistic security except as a last resort. I don't expect an RFC titled 'last resort kinda rubbish security' to be giving me advice relevant to anything other than last resort situations.
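As an added illustration of the "act on the best available intel" idea (example code, not from the message or any IETF document): a small resolver that ranks the policy inputs the message lists, decides whether TLS is mandatory, carries DANE's key-matching criteria into certificate acceptance, and never permits a cleartext "last resort" fallback once any input has said 'use TLS'. The precedence order, the `Signals`/`Decision` types and the simplified TLSA record (a bare SHA-256 of the certificate, standing in for the real TLSA usage/selector/matching-type fields) are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class TLSA:
    # Simplified stand-in for a DANE TLSA record: the criteria the peer's
    # certificate must match (assumed here to be a SHA-256 of the DER cert).
    cert_sha256: str


@dataclass
class Signals:
    # The policy inputs the message enumerates, as observed for one peer.
    uri_scheme: str = "http"
    dane: Optional[TLSA] = None
    header_requires_tls: bool = False
    manual_require_tls: bool = False


@dataclass
class Decision:
    mode: str                         # "required" or "opportunistic"
    source: str                       # which input drove the decision
    pinned_sha256: Optional[str] = None
    cleartext_fallback: bool = True   # only ever True for the last resort


def resolve_policy(s: Signals) -> Decision:
    # Most authoritative and most specific information first (assumed order).
    # DANE states both "use TLS" and what the key must look like, so it wins.
    if s.dane is not None:
        return Decision("required", "dane", s.dane.cert_sha256, cleartext_fallback=False)
    if s.manual_require_tls:
        return Decision("required", "manual", cleartext_fallback=False)
    if s.uri_scheme == "https":
        return Decision("required", "uri-scheme", cleartext_fallback=False)
    if s.header_requires_tls:
        return Decision("required", "protocol-header", cleartext_fallback=False)
    # Nothing said "encrypt": attempt TLS opportunistically, fallback allowed.
    return Decision("opportunistic", "none")


def accept_peer_cert(d: Decision, cert_der: bytes) -> bool:
    """Apply the key-matching criteria if the policy set any; otherwise the
    ordinary (e.g. Web PKI) validation path, not modelled here, would apply."""
    if d.pinned_sha256 is None:
        return True
    return sha256_hex(cert_der) == d.pinned_sha256
```

A connection made under a `required` decision must abort when `accept_peer_cert` fails rather than retry in cleartext; that refusal to downgrade is what separates policy-directed encryption from the opportunistic last resort.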