Re: Quic: the elephant in the room
Michael Thomas <mike@mtcc.com> Sun, 11 April 2021 22:26 UTC
Return-Path: <mike@fresheez.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B75FA3A2137 for <ietf@ietfa.amsl.com>; Sun, 11 Apr 2021 15:26:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O3PYI6nrO17v for <ietf@ietfa.amsl.com>; Sun, 11 Apr 2021 15:26:36 -0700 (PDT)
Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 539773A2132 for <ietf@ietf.org>; Sun, 11 Apr 2021 15:26:36 -0700 (PDT)
Received: by mail-pj1-x102d.google.com with SMTP id r13so1822182pjf.2 for <ietf@ietf.org>; Sun, 11 Apr 2021 15:26:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=gUI7np9MZiZILlndBQ9giGRUA8dUhx9/6lAbl/HBHyE=; b=jY4glWXIvph2fG1GE5QxeDbGmAGr5NfCBzNeBqU1YdSa25DtbIX/DcXRyyQ1ljjw8M hzkpsbLZIoU+1HeV6Fh7LMY4kuQVUuzAMD+5JoXkjArkfQ2KEfISgOIFvobK1BxN8MgV TVnj4MfdqAkJKKTHyBvB0e6uUoVbdzZ+W4cw4Jsc+BllFDqRTPq60NoxD6cCAVQ+Q5wf 2pGTBsC78SzvzAx5jQB0mEBrsiaOYUF+wOPQ5Rkn8Kj76tEmrLqI1AibCra0Bl+AIYCf kS0vVlVyBYdBtGS59OXAtbjpPvfu2bqW3zAqz+5t8G7F+DbApWT2PphC7nLNKCQD5uQj +GUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=gUI7np9MZiZILlndBQ9giGRUA8dUhx9/6lAbl/HBHyE=; b=WI+D+Rr7P6fLuK7xe2e/jOuzv57w3jI43zaKxc7QheUXxQwIoP9M9gvt/qf0O9gcse 1rLvAQUtotGg10gGq8TfUMHXPF9/KPT+fAlk1n24gAdmiPC3apfkzwU3TViv7RkjZXKF y9EVfCcI3g1QPhX26Xozw8bY6xTnNQkDeU6G2SVGJJdnJmB0K9g1xfVm5LzxVMqEymSn z/5EazSCz9ybx89PbnolnnWm3GPicM58dbHv0ryPfMKaO8P+b5dgqm6OdNYNadKxzxpQ wpnKKYXH6gy2LUIb0BwyaVOZs5SNhJW6fFBZ9sn5Hje188ihyFE6iQYygPKhWbAmNJdx O+OA==
X-Gm-Message-State: AOAM530IZeEe9f9+0UImudm9uCa+ge7sqK7p+i2V3ABr9d1HryLuq/iq 5vZH1HLUFgMUvCe+3YGcjR1zkdggaAxC8w==
X-Google-Smtp-Source: ABdhPJwAyWyipPBTsZgEpUbo+iGs9xaNYmLVqZByGk6/PvYOBAX0N2prRHWR4XokPZtcJP6MRQBk9A==
X-Received: by 2002:a17:90b:88f:: with SMTP id bj15mr2942600pjb.147.1618179994199; Sun, 11 Apr 2021 15:26:34 -0700 (PDT)
Received: from mike-mac.lan (107-182-38-56.volcanocom.com. [107.182.38.56]) by smtp.gmail.com with ESMTPSA id g8sm8030815pfr.106.2021.04.11.15.26.33 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 11 Apr 2021 15:26:33 -0700 (PDT)
Subject: Re: Quic: the elephant in the room
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, IETF Discussion Mailing List <ietf@ietf.org>
References: <3b25c77d-e721-e86d-6c34-a90039aab0e2@mtcc.com> <CAMm+Lwhi8xwFgZJL7jod2g4urZt_f+dm0tNi+3y1osqOfch2mQ@mail.gmail.com> <3593a01f-73f4-7d03-a85b-dff64a8b070e@mtcc.com> <506A780B-9C0D-4F4A-B045-098F6152F4DB@akamai.com> <14cd802e-2a1b-97d4-c80d-b57f93e8cc21@mtcc.com> <CAMm+Lwj-O3NMJ+zWbfOViUXE1PBPzOZ6E1iPfZ0uWAj+1Q=_-w@mail.gmail.com> <ade4b396-507b-c969-ff32-2b3291fc14fc@mtcc.com> <CAMm+Lwh6ZaR2aQ_j15q9FwdYHojuFxG_GscRQjGXdD_t4z_fqA@mail.gmail.com> <ffd180f0-0359-9a84-9889-de395df3127a@mtcc.com> <CAMm+LwgnY70pDxVf43Yfi27n-Hf8swhP0zF3K4=ErpgQa7SeuA@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <1a8cf0ab-c656-a0d2-e430-3a4ad35353bb@mtcc.com>
Date: Sun, 11 Apr 2021 15:26:32 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <CAMm+LwgnY70pDxVf43Yfi27n-Hf8swhP0zF3K4=ErpgQa7SeuA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------96552D99D58AFA6A98A1BB80"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mvJazFLiqmREhzX6n-4ZnH4KRQk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Apr 2021 22:26:41 -0000
On 4/11/21 2:27 PM, Phillip Hallam-Baker wrote: > On Sun, Apr 11, 2021 at 4:13 PM Michael Thomas <mike@mtcc.com > <mailto:mike@mtcc.com>> wrote: > > On 4/11/21 12:56 PM, Phillip Hallam-Baker wrote: > >> On Sun, Apr 11, 2021 at 3:34 PM Michael Thomas <mike@mtcc.com >> <mailto:mike@mtcc.com>> wrote: >> >> e already have a widely adopted example where we ignored the >> webpki folks too: DKIM. >> >> That is completely false. I was a member of the DKIM working >> group and its predecessors. Two years before the DKIM WG was >> started, I designed a DNS based key credentialing scheme together >> with a major technology vendor. This was demonstrated to Yahoo by >> my CEO, Stratton Sclavos before the date of the Yahoo patent claim. > > Uh, Jim and I didn't use certificates in the design of IIM and > neither did Mark with DK. Since the three of us were the basis of > the combined protocol > > I am very surprised that you are unaware of the Sender-ID protocol. > Surely Jim mentioned it to you. That was joint work with a third > party. We agreed not to put our proposal on the table so as to make it > easier for work to proceed. I don't remember when we became aware of sender-id. i don't know what it has to do with anything either. > We showed Jon our design before we released it as a sanity check. > At no time did he say anything about certificate based approaches. > > Again, you assume that VRSN was only interested in certificates. It is a big part of their business model. > > DKIM was designed for SMTP and SMTP alone. It is not a model that can > be generalized to other protocols and we knew that at the time. It is > certainly not a pattern I would want people to repeat as a paragon. The key fetching mechanism was purposefully made agnostic. We always envisioned it as being useful for other key distribution needs. > > IIM was a better approach if you wanted to go for policy. The > web-service-discovery draft above is basically taking ideas from IIM > and Stuart Cheshire's DNS Service Discovery work. > > >> Given where we are now with all SMTP using STARTTLS, I would >> probably look to implement TLS client auth instead which would >> allow fast restart to amortize the public key operations. But >> thats not where we were then. > > TLS doesn't do anything to help the end-to-end authentication. > > DKIM provides 'middle to end' authentication, not end to end. Since it > is (usually) checked only in the middle, middle to middle might have > been as good a choice. The point remains: DKIM brought something that goes beyond point to point to anchor reputation on. Mike
- Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Stephane Bortzmeyer
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: DNS vs PKI, was Quic: the elephant in the room John Levine
- Re: DNS vs PKI, was Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room David Conrad
- Re: Quic: the elephant in the room David Conrad
- Re: Quic: the elephant in the room Viktor Dukhovni
- DNSSEC architecture vs reality (was: Re: Quic: th… Keith Moore
- Re: DNSSEC architecture vs reality (was: Re: Quic… Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: DNSSEC architecture vs reality (was: Re: Quic… Viktor Dukhovni
- Re: Quic: the elephant in the room Andrew McConachie
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: DNSSEC architecture vs reality Marco Davids
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Michael Thomas
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Phillip Hallam-Baker
- Re: Quic: the elephant in the room Nico Williams
- Re: Quic: the elephant in the room Salz, Rich
- Re: Quic: the elephant in the room Viktor Dukhovni
- Re: Quic: the elephant in the room Salz, Rich
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality John C Klensin
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality John C Klensin
- Re: DNSSEC architecture vs reality Keith Moore
- Re: DNSSEC architecture vs reality Michael Thomas
- Re: DNSSEC architecture vs reality Nico Williams
- Re: new RRTYPEs, was DNSSEC architecture vs reali… John Levine
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Mark Andrews
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: DNSSEC architecture vs reality Andrew McConachie
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: DNSSEC architecture vs reality Eliot Lear
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: DNSSEC architecture vs reality Patrik Fältström
- Re: new RRTYPEs, was DNSSEC architecture vs reali… John R Levine
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Nico Williams
- Re: DNSSEC architecture vs reality Jim Fenton
- Re: DNSSEC architecture vs reality Masataka Ohta
- Re: DNSSEC architecture vs reality Petite Abeille
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Nico Williams
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Donald Eastlake
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Viktor Dukhovni
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Vittorio Bertola
- Re: new RRTYPEs, was DNSSEC architecture vs reali… Phillip Hallam-Baker
- Re: Fwd: Quic: the Elephant in the Room Michael Thomas
- Fwd: Quic: the Elephant in the Room Lars Eggert
- RE: Fwd: Quic: the Elephant in the Room Vasilenko Eduard
- Re: Quic: the elephant in the room Ben Laurie
- Re: Quic: the elephant in the room Phillip Hallam-Baker