Re: [perpass] tcpcrypt applicability (Was: Re: Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt)
Phillip Hallam-Baker <hallam@gmail.com> Tue, 21 January 2014 14:31 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B97DA1A0152 for <perpass@ietfa.amsl.com>; Tue, 21 Jan 2014 06:31:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17edadEXnxW8 for <perpass@ietfa.amsl.com>; Tue, 21 Jan 2014 06:31:24 -0800 (PST)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) by ietfa.amsl.com (Postfix) with ESMTP id 8DB261A0151 for <perpass@ietf.org>; Tue, 21 Jan 2014 06:31:24 -0800 (PST)
Received: by mail-lb0-f180.google.com with SMTP id n15so5903766lbi.39 for <perpass@ietf.org>; Tue, 21 Jan 2014 06:31:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9C5iCiUKkY4Ycu0vZN72UacMVUW8ARQySIlKF279ZtM=; b=rKQ2tl9paOGgftONgpkWbM+CvCOa9t44WLQm3RaiGBKzJ632i87xgvt9IfTTY8wlZo n4tOY8+p4joxs/PTKQp9y/2b2g7Y06K+xGE8fGx8M3A0iOgYJUxKf35kEup6N8XXN/e1 eMYD+qD//FzCmQKJ62FsHJ5+QE4RpFWlF0165GlNH3zwWQwgoiqgwQ4mxfXOU8n3LAEC 7dOroRrWCK8uo8T6XkvsG6SVv/wMltMH6C7LHpCd1GGJUuWGeSD4DvWp7luqxQ1FfsGx /99h4xH5BaawoiAEAvUAfodK6EsmBXxwT943+g6xwfTP7l3ddcB765Mkpx1XR2MEgj+L pTRQ==
MIME-Version: 1.0
X-Received: by 10.112.139.35 with SMTP id qv3mr1459475lbb.47.1390314683711; Tue, 21 Jan 2014 06:31:23 -0800 (PST)
Received: by 10.112.37.172 with HTTP; Tue, 21 Jan 2014 06:31:23 -0800 (PST)
In-Reply-To: <52DD404B.1080705@bbiw.net>
References: <04c001cf1123$7e5c00c0$7b140240$@olddog.co.uk> <CAMm+Lwj0r3PNoBC0Y1ydibD3piioZ57Z1Ks-Ea6o58xahjXKwQ@mail.gmail.com> <20140116192320.GD32098@thunk.org> <52D84F68.7030100@cs.tcd.ie> <52DD3CAA.6010004@bbn.com> <52DD3E64.2000707@cs.tcd.ie> <52DD404B.1080705@bbiw.net>
Date: Tue, 21 Jan 2014 09:31:23 -0500
Message-ID: <CAMm+Lwh0Lm0NbTjAO0h4weUUQhi_oS230r6wxsE09Pc8enKoRw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Content-Type: multipart/alternative; boundary="089e0115fb12d9467f04f07bdc09"
Cc: perpass <perpass@ietf.org>, Stephen Kent <kent@bbn.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] tcpcrypt applicability (Was: Re: Violating end-to-end principle: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2014 14:31:26 -0000
On Mon, Jan 20, 2014 at 10:27 AM, Dave Crocker <dcrocker@bbiw.net> wrote: > On 1/20/2014 7:19 AM, Stephen Farrell wrote: > >> I'd expect that if tcpcrypt were implemented in >> some kernels then it'd be useful in places where you can't >> feasibly use TLS. >> > > > what are some examples of when this could occur? > > as long as there is speculation about this as a legitimate alternative, it > would help to have the speculation include plausible examples. tcpcrypt looks more like an alternative to IPSEC than TLS to me. Given that IPSEC has been a flop, working on an alternative twenty years later seems fine to me. The types of use case where I see problems with our current infrastructure are for applications such as wireless networking where WiFi security is still a usability disaster and remote access (aka dialup but we don't dialup any more). One major design limit in IPSEC and TLS is that both view the key exchange as being integral to the security layer rather than a separate service. I would like to separate out consideration of how chunks of data passing over the net are tagged and bagged for encryption and authentication from the question of key setup. There is no logical reason why the key negotiation for TLS, IPSEC and tcpcrypt cant be shared. -- Website: http://hallambaker.com/
- [perpass] Violating end-to-end principle: I-D Act… Adrian Farrel
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Joseph Lorenzo Hall
- Re: [perpass] Violating end-to-end principle: I-D… Theodore Ts'o
- Re: [perpass] Violating end-to-end principle: I-D… Dave Crocker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Farrell
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Christian Huitema
- Re: [perpass] Violating end-to-end principle: I-D… Phillip Hallam-Baker
- Re: [perpass] Violating end-to-end principle: I-D… Stephen Kent
- [perpass] tcpcrypt applicability (Was: Re: Violat… Stephen Farrell
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Dave Crocker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Phillip Hallam-Baker
- [perpass] Increasingly strange thread (was: .... … Leif Johansson
- Re: [perpass] Increasingly strange thread (was: .… Scott Brim
- Re: [perpass] tcpcrypt applicability (Was: Re: Vi… Stephen Kent