IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Paul Vixie <paul@redbarn.org> Fri, 30 September 2022 16:51 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82B11C14CE39 for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 09:51:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redbarn.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnDgCYZGLPWz for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 09:50:58 -0700 (PDT)
Received: from util.redbarn.org (util.redbarn.org [IPv6:2001:559:8000:cd::222]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9EF1C14CE3B for <quic@ietf.org>; Fri, 30 Sep 2022 09:50:58 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by util.redbarn.org (Postfix) with ESMTPS id ED4EB167A42; Fri, 30 Sep 2022 16:50:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=redbarn.org; s=util; t=1664556657; bh=lDZ7TcgCF4KiH86xMG3546LVVQlES8/o+g80b0vUWWo=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=NlRFtvbIeKtCmQRKNTtu/xcOEUScza57qNnhBFFACY8Yzk57UnpjWMZqW+gd7qBSr uwJ5Q65RA9ZP/C3F3Wzb0D9lMt6bNPDxJxYiMe08kcGjWHCaveuTMmmSn5t9wGsgwR O3UNyUq5quVGAPo+bst3ZEztyIYL/vkc8P5b6mN8=
Received: from [24.104.150.175] (dhcp-175.access.rits.tisf.net [24.104.150.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id C92E0C3FCF; Fri, 30 Sep 2022 16:50:57 +0000 (UTC)
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: Carsten Bormann <cabo@tzi.org>
Cc: "quic@ietf.org" <quic@ietf.org>
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAMm+Lwh1DWyVNL7M6q0gAS77HyN5KXRa3cNn732ivbAMGSFVDg@mail.gmail.com> <SJ0PR08MB82888EE2140D219EF758CF76FA569@SJ0PR08MB8288.namprd08.prod.outlook.com> <da161bf2-2eea-77b9-c96f-e391fe867c3b@lear.ch> <fb875699-312a-497d-0b5c-2da95b26268c@redbarn.org> <140CFDE5-B5AC-4342-8A5D-41D7EE92B43E@tzi.org> <1b7329fd-d447-fb76-9d3c-4e09f58ee0f0@redbarn.org> <18756B86-A5A9-4166-B5D1-8C26C0FA4371@tzi.org>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <5b02b637-c005-1414-cd0a-117fa74e55ee@redbarn.org>
Date: Fri, 30 Sep 2022 09:50:58 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/7.0.57
MIME-Version: 1.0
In-Reply-To: <18756B86-A5A9-4166-B5D1-8C26C0FA4371@tzi.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/B_l0BWZ_A2hmeBtCElBMiEKKavw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 16:51:02 -0000

see inline.

Carsten Bormann wrote on 2022-09-30 00:37:
> On 2022-09-30, at 09:25, Paul Vixie <paul@redbarn.org> wrote:
>>
>> what did you have in mind as an example of this, that i might not dislike?
> 
> ...
> 
> The part I do not understand is why this is always framed in terms of
> uncontrolled (unrestricted) visibility, i.e., everybody who manages to
> get hold of a packet has full visibility.

i could live with uncontrolled visibility on my own VM server's internal 
networks, or on my datacenter or home LAN. i am open to other ways to 
achieve the nec'y visibility -- i don't require that it be uncontrolled.

> ...
> 
> Instead, I'd prefer to pursue something that I'd call Authorized
> Visibility (AV).  Here, the communication actors explicitly provide
> visibility to additional justified parties, not simply to any
> eavesdropper that comes along.  ...

i'd be fine with this, as long as it was possible for my gateway to 
determine at line rate whether each packet trying to get through was 
participating in the Authorized Visibility regime you're describing.

> Grüße, Carsten
and you.

-- 
P Vixie

v2.23.0 | Report a Bug | By Email