IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Lucas Pardue <lucaspardue.24.7@gmail.com> Fri, 30 September 2022 08:56 UTC

Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AAC2C1522C6 for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 01:56:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ydEe6DkHyjvf for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 01:56:12 -0700 (PDT)
Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCF21C1522C4 for <quic@ietf.org>; Fri, 30 Sep 2022 01:56:12 -0700 (PDT)
Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-1318106fe2cso4694656fac.13 for <quic@ietf.org>; Fri, 30 Sep 2022 01:56:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=ivFeaOJREud/oxvbJV9aAsnIzom0i9jdznfEOYwm6RI=; b=oio+7NCH8BXQB8D5CbKi5g5Cg3e35XxUhgdEMBbaTrzXR1tz3WdaxtlEJOJRi4ziKR bCXX3KV+s7DW/AqaTvGtPEzgQ5r6DQSPX23Q/gOPMANa+GMw+ffHBcmnRe4odjnF/tOz NnM2oKGzOFkBf6Ito4ZfPkpomz3cExvL3d8R0hvVSmIEcxHFtB/tm7lw9mIz/7ATKozx +nhfbxBfy2HNMkjDUeWwfxSMjVtWmQejaLde2XqsQ9ccNRywVwRgcUshu4EZDTa1DSr5 j2hVJmFfWMIQ6ovqzT9Phdluj/C2ZAwDIUCJNHyBDVOazVW+w1LYyy9J1lWMTIWO7vuH 1S+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=ivFeaOJREud/oxvbJV9aAsnIzom0i9jdznfEOYwm6RI=; b=xiU1FyJXaM0raVxghXv/YMBMH8A5K6Qa3dvQhXB2PDrjCSVu6Lfx5WsJfakzafhdzl 28k7OJt7Zi0ewwZsUbotReR5VpRuk9SnySKh2pCJGQE+1xUdV+vTy1PpsSa7RE4GEtgx +BJ6WtvlsdBF3eTFiNtbq0k0d86uAv9QmSyMOMO/Q83+JPhUoQozmcB9PSuRmatCoch1 7GXjR7Jg73YCWFLVMk36VoiMoiRDkg4MjWx9Q62ImERACBLAon1/ALOfw51HyQ3/xCeR rCt3oyJu/gkAv+Ns6gggK1AAaMtoixgIK0Jqz/P3GfPxm1W+TD7JBUuaVJUqN8ib+iCB Sjrg==
X-Gm-Message-State: ACrzQf1mKPoMbrb8kbmldLMsnqArI/eoskCLix2561et4i8YD3sznLZ+ c1vJ5UQDMJqXBR8F7BSGEq8ykjbsupMUmvtpLxuamfYK
X-Google-Smtp-Source: AMsMyM4SSpb0Sg+XW3zFXQ/c6YcjmNxD5zv8a+R6Cfht7OuVNnkP4dPu7pQjDct6b9yh9Wz5+n/pJRn+EwXRmLIu+Ug=
X-Received: by 2002:a05:6870:73cf:b0:131:9c6b:4cf9 with SMTP id a15-20020a05687073cf00b001319c6b4cf9mr4169820oan.150.1664528172155; Fri, 30 Sep 2022 01:56:12 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAMm+Lwh1DWyVNL7M6q0gAS77HyN5KXRa3cNn732ivbAMGSFVDg@mail.gmail.com> <SJ0PR08MB82888EE2140D219EF758CF76FA569@SJ0PR08MB8288.namprd08.prod.outlook.com> <da161bf2-2eea-77b9-c96f-e391fe867c3b@lear.ch> <SJ0PR08MB8288B7C5823FC9069D83A23AFA569@SJ0PR08MB8288.namprd08.prod.outlook.com>
In-Reply-To: <SJ0PR08MB8288B7C5823FC9069D83A23AFA569@SJ0PR08MB8288.namprd08.prod.outlook.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Fri, 30 Sep 2022 09:55:59 +0100
Message-ID: <CALGR9oaZNXD=Sdn16LpqsdbdPPU6iNpT9wdK-esXkAy0EmbUKw@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
Cc: Eliot Lear <lear@lear.ch>, Phillip Hallam-Baker <phill@hallambaker.com>, QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b86cc05e9e12ae7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/N_n8-YBTu9j1uJwura54QFB5J0M>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 08:56:13 -0000

Hi,

On Fri, 30 Sept 2022, 09:38 Randy Armstrong (OPC), <
randy.armstrong@opcfoundation.org> wrote:

>
>    - I think the key point here is that sometimes observability is a
>    feature and not a bug.  This is particularly important in
>    industrial/critical infrastructure.  That observability can be achieved in
>    many ways.  One question is whether the observability itself should itself
>    be authorized.
>
> Putting backdoors into protocols is not equivalent to letting applications
> decide to skip encryption.
>
> A backdoor is like giving law enforcement codes to break into a cellphone
> and hoping that they will never abuse the power or the codes will never
> fall into the hands of criminals. Letting applications decide is equivalent
> to an owner of a cellphone choosing not to lock their screen because they
> decide there is nothing that needs protecting.
>
> IOW, the fact that some users might be willing to live with the risk of a
> compromised system by allowing for backdoors is not a reason to refuse to
> allow other users to make a decision send data in clear text when and only
> when they decide it is safe.
>

The example given was SSLKEYLOGFILE. This isn't a protocol backdoor.
Instead it's an endpoint opt in action that extracts the negotiated session
key and puts it somewhere that can be used by others. It would be feasible
to build a system where clients share such session keys with trusted
parties in your network. Those parties could then use them for inspection.

This seems about as explicit a choice as an endpoint deciding it is in a
network that is safe enough to configure the use a transport connection
that discards confidentiality and/or integrity protections. It comes at a
cost of having to build an architecture that can support such actions but
it sounds like there is already an architecture for operational monitoring
in that network.

>

v2.23.0 | Report a Bug | By Email