Re: A non-TLS standard is needed

Matt Joras <matt.joras@gmail.com> Tue, 28 April 2020 01:44 UTC

References: <tencent_458BB4AFD3E32DBAAEA3F09FAEF063800605@qq.com> <2208100.KEu4SK8F6j@linux-9daj> <72518FA2-4D02-4498-BFED-C6F694C5687A@eggert.org> <2010266.tehQBtF6zN@linux-9daj>
In-Reply-To: <2010266.tehQBtF6zN@linux-9daj>
From: Matt Joras <matt.joras@gmail.com>
Date: Mon, 27 Apr 2020 18:44:10 -0700
Message-ID: <CADdTf+h-a9UkLPCEgMXJVfCUO0yEkk5uLV_VoY+vrRKshS8Geg@mail.gmail.com>
Subject: Re: A non-TLS standard is needed
To: Paul Vixie <paul@redbarn.org>
Cc: Lars Eggert <lars@eggert.org>, quic <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000075f81b05a44ff89d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/ChxezVDUZ9T-49OYv8plJ26CiEI>

On Mon, Apr 27, 2020 at 3:47 PM Paul Vixie <paul@redbarn.org> wrote:

> On Monday, 27 April 2020 11:56:20 UTC Lars Eggert wrote:
> > Hi Paul,
> >
> > this is definitely a broader discussion - it's popping up in other places as
> > well.
> >
> > The IETF can certainly have this discussion somewhere, but the QUIC list is
> > probably not the right home for it, esp. not as we've entered the home
> > stretch with regards to closing the final open issues that will let us WGLC
> > the current specs.
>
> lars, et al, thank you for such recognition. if mirjam's draft isn't a WG
> item, i hope that those in charge will find a place for it. i do not expect to
> relitigate the mandate for TLS, but i do hope we can recommend some signal
> beyond destination UDP port number, which is arbitrary given ALT-SVC and the
> HTTPSSVC mechanisms, as the way a hardened private network can recognize some
> UDP flows as likely to be HTTP-related and thus permitted to form outbound
> flows. without this the applicability of QUIC will be less than it could be.
>
> in other words i am requesting advice, a redirect, beyond the source quench.

I'm not saying I like the practice, but it is already somewhat commonplace to
make such decisions based on the ALPN. E.g. you could allow it if the ALPN is
"h3-whatever". This is still possible with QUIC as the ALPN is encrypted but
not private.

Matt Joras
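Matt's point that the ALPN is "encrypted but not private" follows from how QUIC's Initial keys are derived: from a published, version-specific salt and the Destination Connection ID that sits in the clear in the long header, so any on-path observer can compute the same keys. The block below is an added illustration, not code from this thread or from any QUIC implementation; it derives the QUIC v1 (RFC 9001) client Initial keys with only the Python standard library and checks them against the RFC's Appendix A test vector. It assumes QUIC v1's salt (the 2020-era drafts this thread was written against used other salts), and the sample header and helper names are constructed for the example.

```python
import hashlib
import hmac
import struct

# RFC 9001 section 5.2: the salt is version-specific (QUIC v1 here); the
# 2020-era drafts this thread was written against used different salts.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")
QUIC_V1 = 0x00000001
# Constructed sample long header: Initial type byte, version 1, DCID length 8,
# the DCID from the RFC 9001 Appendix A.1 test vector, SCID length 0.
SAMPLE_INITIAL_HEADER = bytes.fromhex("c0" "00000001" "08" "8394c8f03e515708" "00")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract with SHA-256 (RFC 5869)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446 section 7.1) with SHA-256."""
    full_label = b"tls13 " + label.encode("ascii")
    info = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def dcid_from_long_header(packet: bytes) -> bytes:
    """Read the Destination Connection ID from a long-header packet (RFC 9000 17.2)."""
    if not packet[0] & 0x80:
        raise ValueError("short header: Initial packets always use the long header")
    version = struct.unpack("!I", packet[1:5])[0]
    if version != QUIC_V1:
        raise ValueError(f"version 0x{version:08x}: a different initial salt applies")
    dcid_len = packet[5]
    return packet[6:6 + dcid_len]


def initial_keys(dcid: bytes, side: str = "client") -> dict:
    """Derive one direction's Initial AEAD key, IV and header-protection key."""
    # Any on-path observer that sees the DCID can compute the same values, which
    # is why the ClientHello (and its ALPN) is encrypted but not private.
    initial_secret = hkdf_extract(INITIAL_SALT_V1, dcid)
    secret = hkdf_expand_label(initial_secret, f"{side} in", b"", 32)
    return {"secret": secret,
            "key": hkdf_expand_label(secret, "quic key", b"", 16),
            "iv": hkdf_expand_label(secret, "quic iv", b"", 12),
            "hp": hkdf_expand_label(secret, "quic hp", b"", 16)}
```

The returned key and IV are what AES-128-GCM needs to open the Initial payload; removing header protection and parsing the ALPN extension out of the CRYPTO frame's ClientHello is the remaining step and needs an AEAD library.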