Re: TLS on disconnected/intermittently connected networks
Sam Hartman <hartmans-ietf@mit.edu> Thu, 04 March 2021 20:52 UTC
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Keith Moore <moore@network-heretics.com>
Cc: ietf@ietf.org
Subject: Re: TLS on disconnected/intermittently connected networks
Date: Thu, 04 Mar 2021 15:52:38 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/xFMx1huGOlHpY60si6CabB7KjmE>
>>>>> "Keith" == Keith Moore <moore@network-heretics.com> writes:

    Keith> IOW it's not only TLS and X.509 that are needed, but a
    Keith> stack (including browser) that can use these without needing
    Keith> DNS or external connectivity.

I've been doing this a fair bit for isolated networks for cyber training
and for other things in that space. We end up providing a DNS and a PKI
etc. At this point it's going to be simpler to provide some good
devops'd DNS and PKI than to go develop a custom browser.

I gave a talk on our work at
https://debconf20.debconf.org/talks/32-when-we-virtualize-the-whole-internet/
last year. It's focused more on the software packaging aspects of
setting up the more complex aspects of the infrastructure, but does give
an architectural overview for this sort of approach. If all you need is
DNS and PKI and the like, it's much simpler than the problems I focus on
in the talk.