Re: [IAB] IAB report to the community for IETF 103
Michael Richardson <mcr@sandelman.ca> Wed, 21 November 2018 15:30 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACB151277CC for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 07:30:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m4gQat2i3cfB for <ietf@ietfa.amsl.com>; Wed, 21 Nov 2018 07:30:50 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FD0C12777C for <ietf@ietf.org>; Wed, 21 Nov 2018 07:30:50 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 947FE20089; Wed, 21 Nov 2018 10:30:44 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 0A949B90; Wed, 21 Nov 2018 10:30:49 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 089ADB8C; Wed, 21 Nov 2018 10:30:49 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: Ted Lemon <mellon@fugue.com>
cc: moore@network-heretics.com, ietf <ietf@ietf.org>
Subject: Re: [IAB] IAB report to the community for IETF 103
In-Reply-To: <CAPt1N1=HEo-CwAg6dkLqjgHrUEWf57pfqb9V3tHUsCKRmonvfA@mail.gmail.com>
References: <CA+9kkMDEP-JKDwcwRMT7QUs-yQi+PsuKo22mFZxB6yKTEqTuSQ@mail.gmail.com> <6.2.5.6.2.20181111093128.0bd80f60@elandnews.com> <CA+9kkMAcJSixn2-S-OwK0tojyJLQZ=mrhr4NT7OM9+ji0vb=GA@mail.gmail.com> <3a90ee88-8801-45b7-5449-da59620c4576@network-heretics.com> <8911.1542633984@localhost> <5157400F-42D3-4F2B-BFE1-94D1E1B656E4@huitema.net> <49390263-2BE7-4EA1-B732-84AA9D873A83@nohats.ca> <396690372.6606044.1542761090230@mail.yahoo.com> <ac2cb94c-c155-d6fb-a321-f18ccd4f34e1@network-heretics.com> <CAPt1N1kc=saPbipLmnMsonzVgWQv5aQ3GDWSYCOZJA-6x+_aUQ@mail.gmail.com> <119FFF2A-598E-4EE5-9E8B-75735A4AA788@network-heretics.com> <CAPt1N1=HEo-CwAg6dkLqjgHrUEWf57pfqb9V3tHUsCKRmonvfA@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 21 Nov 2018 10:30:49 -0500
Message-ID: <18004.1542814249@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lDTzAIMGDESjYKTMdRHZ8aRqNsg>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 15:30:53 -0000
Ted Lemon <mellon@fugue.com> wrote: > With all due respect, Keith, whatever we may think of it, there are > certainly people who think eavesdropping is a valid use case, and it > doesn't actually serve our ability to talk about and possibly > influence people who are on the fence about it if we pretend > otherwise. Yes, some of them think of themselves as providing an auditing function. It would be good to know which argument is being used in each case. > On Wed, Nov 21, 2018 at 8:56 AM Keith Moore > <moore@network-heretics.com> wrote: > Facilitating “eavesdropping “ is NEVER a valid use case. > Sent from my iPhone > On Nov 21, 2018, at 8:47 AM, Ted Lemon <mellon@fugue.com> wrote: > I would suggest being more explicit: > TLS 1.3 [RFC8446] is intended to address the following use > cases [cite use cases that do not include eavesdropping, and > do include preventing eavesdropping and providing forward > secrecy]. > It has come to the attention of the IETF that ETSI has > published a TLS 1.3 specification which addresses a different > set of use cases [cite use cases]. We wish to point out that > some of the use cases addressed by RFC8446 are not addressed > by ETSI. The ETSI specification should not be used in cases > where addressing these use cases is required [give examples]. > The IETF takes no position on whether the ETSI specification > successfully addresses these use cases. However, it definitely > does not address the complete set of use cases addressed in > RFC 8446. > Use of the TLS variant described in this ETSI specification > was considered by the IETF and did not gain consensus. As > such, use of this variant is not recommended by the IETF. > I think publishing this as a very brief RFC would be quite > appropriate. > On Wed, Nov 21, 2018 at 8:05 AM Keith Moore > <moore@network-heretics.com> wrote: > On 11/20/18 7:44 PM, Lloyd Wood wrote: >>>> That belongs in the to be written RFC "ETSI extensions > to TLS considered harmful". >>>> Of course, we may debate whether we want to publish > such RFC. >> >> Perhaps a more general 'Security protocols designed by > any other >> organisations considered harmful' is the way to go. > I doubt that such a direction would enhance our reputation > or that of > our documents. I'd much rather see us make specific > technical > arguments, e.g. > - If an IETF RFC cites TLS x.y, that citation only applies > to TLS x.y as > published by IETF, not some other *TLS published by some > other > organization. Just because something else is named *TLS > doesn't mean > it's secure or an acceptable substitute, especially when > some of them > have deliberately been made in such a way as to compromise > the users' > security. > - If one party to a connection discloses the information > in the > connection to a third party, whether by choice or to meet > some > organizational or legal requirement, that's their business > and IETF > isn't questioning that. But intercepting the traffic at > the IP layer is > not a good way to implement such disclosures for several > reasons - e.g. > it effectively constrains the applications to only work > over particular > network segments, which harms the flexibility of the > Internet as a > general-purpose communications fabric; it discourages > transparency and > accountability that such record-keeping should require; > etc. (It's not > the record-keeping that's being questioned; it's the very > notion that > packet interception is a suitable way to accomplish that. > Packet > interception is a poor architectural choice, and yes that > includes > deep-inspecting firewalls and monitors.) > - For similar transparency arguments a communications > protocol that is > designed to effectively appear as TLS to the endpoints > and/or its users, > but which lacks the end-to-end confidentiality properties > of TLS, should > be discouraged by every means available. > - The introduction of TLS variants that are designed to > leak private > information seems likely to introduce yet another > destructive tussle, as > privacy-conscious users try to determine whether their > hosts and > applications are leaking their information, while the > spooks try to > evade such detection. (Yes I'm aware that some such > proposals provide > explicit information to their endpoints.) > etc. > Keith > ---------------------------------------------------- > Alternatives: > ----------------------------------------------------
- IAB report to the community for IETF 103 Ted Hardie
- Re: IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Ted Hardie
- Re: [IAB] IAB report to the community for IETF 103 Martin Thomson
- Re: [IAB] IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Christian de Larrinaga
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- Re: [IAB] IAB report to the community for IETF 103 Christian Huitema
- Re: [IAB] IAB report to the community for IETF 103 Benjamin Kaduk
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- "Re: [IAB] IAB report to the community for IETF 1… Stephen Farrell
- Re: "Re: [IAB] IAB report to the community for IE… Lloyd Wood
- Re: [IAB] IAB report to the community for IETF 103 Paul Wouters
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Lloyd Wood
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Ted Lemon
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Ted Lemon
- Re: [IAB] IAB report to the community for IETF 103 Keith Moore
- Re: [IAB] IAB report to the community for IETF 103 Michael Richardson
- Re: [IAB] IAB report to the community for IETF 103 Eric Rescorla
- Re: [IAB] IAB report to the community for IETF 103 Randy Bush
- Re: [IAB] IAB report to the community for IETF 103 Patrik Fältström
- Re: [IAB] IAB report to the community for IETF 103 S Moonesamy
- Re: [IAB] IAB report to the community for IETF 103 Stephen Farrell
- Re: [IAB] IAB report to the community for IETF 103 Eric Rescorla