Re: [Tsv-art] game over, EH [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

Eric Rescorla <ekr@rtfm.com> Fri, 07 December 2018 13:02 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 07 Dec 2018 05:02:13 -0800
Message-ID: <CABcZeBOrBLYYDB-kd=UF_wJy5n4KzcE9AU=kXMNbX_0_uQVc6g@mail.gmail.com>
Subject: Re: [Tsv-art] game over, EH [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]
To: morrowc.lists@gmail.com
Cc: jared@puck.nether.net, IETF discussion list <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, heard@pobox.com, opsec@ietf.org, tsv-art@ietf.org, gert@space.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fsYdFN4b44NmH243GTfwjUWjAGg>

On Thu, Dec 6, 2018 at 9:10 PM Christopher Morrow <morrowc.lists@gmail.com>
wrote:

>
>
> On Thu, Dec 6, 2018 at 5:41 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>> routing area (key agility, a stronger algorithm than MD5). And of course
>> TCP-AO doesn't attempt to provide privacy. Perhaps you can elaborate on
>> what you're referring to here?
>>
>>>
>>>
> "TCP-AO is a lie, there is zero deployable code anywhere that supports it"
>
> was that the gist of his comment?
>

A rather more elaborated version of this


> it'd be the whole of mine... because honestly it's the truth.
>

Sure, but as I said, I don't think of TCP-AO as an example of crypto
overreach. It's not something that security people tried to force on the
routing people, but rather something that was designed to what we
understood to be the requirements of the routing community. It's of course
possible, perhaps even likely, that we got it wrong, but that's a very
different thing.

-Ekr