Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

Eric Rescorla <ekr@rtfm.com> Fri, 07 December 2018 13:02 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 07 Dec 2018 05:02:13 -0800
Message-ID: <CABcZeBOrBLYYDB-kd=UF_wJy5n4KzcE9AU=kXMNbX_0_uQVc6g@mail.gmail.com>
To: morrowc.lists@gmail.com
Cc: jared@puck.nether.net, IETF discussion list <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, heard@pobox.com, opsec@ietf.org, tsv-art@ietf.org, gert@space.net
Content-Type: multipart/alternative; boundary="000000000000ae7434057c6e3b4c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/JrNh-YKMjA1U8TwHDPqWGI5jZBU>
Subject: Re: [OPSEC] [Tsv-art] game over, EH [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

On Thu, Dec 6, 2018 at 9:10 PM Christopher Morrow <morrowc.lists@gmail.com>
wrote:

>
>
> On Thu, Dec 6, 2018 at 5:41 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>> routing area (key agility, a stronger algorithm than MD5). And of course
>> TCP-AO doesn't attempt to provide privacy. Perhaps you can elaborate on
>> what you're referring to here?
>>
>>>
>>>
> "TCP-AO is a lie, there is zero deployable code anywhere that supports it"
>
> was that the gist of his comment?
>

A rather more elaborated version of this.


> it'd be the whole of mine... because honestly it's the truth.
>

Sure, but as I said, I don't think of TCP-AO as an example of crypto
overreach. It's not something that security people tried to force on the
routing people, but rather something that was designed to meet what we
understood to be the requirements of the routing community. It's of course
possible, perhaps even likely, that we got it wrong, but that's a very
different thing.

-Ekr