Re: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

"Tobias Mayer (tmayer)" <tmayer@cisco.com> Thu, 11 June 2020 09:57 UTC

From: "Tobias Mayer (tmayer)" <tmayer@cisco.com>
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, OPSEC <opsec@ietf.org>
Date: Thu, 11 Jun 2020 09:56:57 +0000
Message-ID: <057017CE-3690-4CED-97C6-5D854EA4484A@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/wNTHxkVKARQY3h9Z3x2lpelEl0k>
Subject: Re: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

Support.

 

Some comments that I have on this draft:

3.1.1, last paragraph: Worth mentioning that it is currently not only Encrypted SNI that is being discussed, but also encrypting the Client Hello (ECH). Besides the SNI, this also means that more fields in the Client Hello, like ALPN, will also be encrypted in the future.

https://datatracker.ietf.org/doc/draft-ietf-tls-esni/

3.1.3, 3.1.4: Correct for TLS 1.3 as it is today. With ECH, this would have additional impact, but I think this is not in scope for this draft as ECH is not yet standardized.

 

Toby

 

From: OPSEC <opsec-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Date: Friday, 5. June 2020 at 17:05
To: OPSEC <opsec@ietf.org>
Subject: [OPSEC] Call For Adoption: draft-camwinget-opsec-ns-impact

 

Folks,

 

This email begins a call for adoption on draft-camwinget-opsec-ns-impact. The call for adoption will end on 6/19/2020.

 

Ron and Jen

 
