RE: Request for Authenticated but not Encrypted Traffic
"Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org> Fri, 30 September 2022 08:38 UTC
Return-Path: <randy.armstrong@opcfoundation.org>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 921D9C15791C for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 01:38:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=opcfoundation.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FExpXtjioUL1 for <quic@ietfa.amsl.com>; Fri, 30 Sep 2022 01:38:16 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2051.outbound.protection.outlook.com [40.107.93.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3E93C157901 for <quic@ietf.org>; Fri, 30 Sep 2022 01:38:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L9wV3xzUcPX3I5JSDUKWlawRECRKgBy9WwbKsy1Jy4ADBN8aE1UEpEM3Q+j+/Jl5cdeSy+yzGvhwo+6FWxyOH/MgszgOSRt9nNALLJTvRnybac+5rM1jliBy/A86gThWGAMkn0nkoyTVhk3RGC7chRybAAjen1z5jrEeNyzy/YszHK6WfmiU3BLAqdRSg+JS0u53cVLMa6Jw/0tWaJuxeKwQ+e6Vnl881Dzus9AjxjQrr8GoTp8BJ3FCUZAsavfnN09ZmT8gAp5UVVOzqqBvDpa6yFEFSDooekk6DCL8FWpfFR5h2Ob8puOaj+roIT3JwszUw0g/HbfUPD+K1J9FrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XMetjqkFwiZZoKtJhojeBzLRnwH+gAbcbM95roTfg3s=; b=cexj1resAKdhH3xEGh7dKUzYEiKWm/jLjAHDgMhw30VRCsibcBsMY+i2COjiR2+bv0WsAjYDzsUuRby8JygUld1ReRUvc98H+wmPc+rpQKoJfzTXUrIDl/wunqJ9ZVRoh7ll3bkksiHShpb/M+Ka7bTHEw1VWNzeOEMq/pgaRQVZqULfHgIagaxSy82GEEY5JIygwFFDkvHebeHqgJj22CUfm58jdB3WuKmE+QQawjNIOemT7SKcjoNPPqLuRrGJZECik74p3M2Q4wyEaObpBxNNDO///nQp4uavq7CcnUFVjTndSOH+4TNdNPHFCVbItKKbwue4WL5EEORPH5Dnzw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=opcfoundation.org; dmarc=pass action=none header.from=opcfoundation.org; dkim=pass header.d=opcfoundation.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=opcfoundation.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XMetjqkFwiZZoKtJhojeBzLRnwH+gAbcbM95roTfg3s=; b=AZQpjR4Kj9HIqWJmWT3x1WC4e7Biqg3YQfk4VWuCgsjec4RBvCQoBkUwQ39P4Kgv+/NL1kRMOnDdkK03tKLNomRakEkA0XmhfuC7Sa34ytpXCOadAnkuyB6anz3bxZgzaRKxe1B04T0EKzyDYWXKnvnqFePupY0NZSSOTEZmLkY=
Received: from SJ0PR08MB8288.namprd08.prod.outlook.com (2603:10b6:a03:41a::13) by BN6PR08MB3444.namprd08.prod.outlook.com (2603:10b6:405:65::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.24; Fri, 30 Sep 2022 08:38:11 +0000
Received: from SJ0PR08MB8288.namprd08.prod.outlook.com ([fe80::708f:4a6d:ca77:cef0]) by SJ0PR08MB8288.namprd08.prod.outlook.com ([fe80::708f:4a6d:ca77:cef0%9]) with mapi id 15.20.5676.017; Fri, 30 Sep 2022 08:38:11 +0000
From: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
To: Eliot Lear <lear@lear.ch>, Phillip Hallam-Baker <phill@hallambaker.com>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: RE: Request for Authenticated but not Encrypted Traffic
Thread-Topic: Request for Authenticated but not Encrypted Traffic
Thread-Index: AdjT/etteyPc96T0SA+BuKbhQ9/5AQAeZlEAAAE43xAABNiTgAAEnpxw
Date: Fri, 30 Sep 2022 08:38:10 +0000
Message-ID: <SJ0PR08MB8288B7C5823FC9069D83A23AFA569@SJ0PR08MB8288.namprd08.prod.outlook.com>
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <CAMm+Lwh1DWyVNL7M6q0gAS77HyN5KXRa3cNn732ivbAMGSFVDg@mail.gmail.com> <SJ0PR08MB82888EE2140D219EF758CF76FA569@SJ0PR08MB8288.namprd08.prod.outlook.com> <da161bf2-2eea-77b9-c96f-e391fe867c3b@lear.ch>
In-Reply-To: <da161bf2-2eea-77b9-c96f-e391fe867c3b@lear.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=opcfoundation.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR08MB8288:EE_|BN6PR08MB3444:EE_
x-ms-office365-filtering-correlation-id: ac82959b-50fa-4519-e1d8-08daa2bf1b83
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dKtMvguUu7qOwi82xnPv7KRXoBEQS1B9IFiQgfLadcA1z/SJYHPUojTdyJAfSLZdp5XTrHNHrVqWjQMj3rBtbRZGc3fLLqm29NUD3zBOCnC58uy1K/QlqY4kuZL/1mfejOMbiWMfEmqWzLDc2KElkkiYTHJ5TdZGD6p/pgmIl3gJXUyVNc7eT0OzT7CVqmF84yEQyP/RwgnJIvKaWll9SXwbePzLGrgj4Jpl+BjkSQgTzneTIdJG0Gx2UjEr9sQwb3QUsKTKk9XYcQReT+SXe18j3258c35WQSY716CP/MIeCn/HjDzkmfLtahMZaBJUBGXcpYuSKL6gwjx6cOUgxV29EX1iuPNzRHqqSce52sGxmRGI21H7kcTPZtUwOgFdXH83JnC99pW4FIwIRJC8uIoyllWdQA26B6CBuvO7c4ekHjHYT+snEOhA4ablBQMCGp3KxteQhaUMyKlE8gSRwOUQzJBfCdId8ZEHp6qcYQ03q7PzY4kNAtIgy1W7/o5qPenxPC++1YJ/dP47srnfiyzufmJ4lpI0sUF9DhpD5xJptucMD8clV94fk9SOxtWCLiL5g8tjZ41hlqs+OvL1kMCVEniBMbdxnXVSxLSxOL0UKoaUJOK93W6ltHBFiUTonH5XrrIeaNdtXmOj7dQjeZsXp47YHnEaKffRbmh7tL/3+MOt+DyAb1vvPfH5i+UocRnFp/EScFgbQoPrT1TSPpu8+eYMKZdLMONIG+E3x2O8fDy/EP9hH1gS27Pb/sRoLO59mcgRz//CbWCNF1VpKA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR08MB8288.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(346002)(376002)(366004)(136003)(39830400003)(396003)(451199015)(33656002)(26005)(9686003)(6506007)(7696005)(316002)(122000001)(38100700002)(71200400001)(38070700005)(86362001)(76116006)(55016003)(83380400001)(66556008)(478600001)(5660300002)(186003)(52536014)(2906002)(4744005)(110136005)(8936002)(41300700001)(66476007)(8676002)(66946007)(4326008)(66446008)(64756008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: k8qOiK1QRuHk36a5XpMYKYkE1w/gcRPfPR3i4QT8ILfiRVmQM5exe610Noi04KOgDHq91H6b1T60XGcnqwhnZOH+1Vl9OhyVzQnyWINXjb5QQIpg6+eOUVckUnuSv2ocmfbyv0vuDngxg45MiHOidppmWRQ3WK9PObruh+vlB9JcqD4y760ncQltwDlnkafwNbN7uUgd/jGLk6sSlKFTXv52z1Blz9ap0SDl7Gp+jtG78QFx7W3Pd/E8VRNOWnHdN7EFYk2MiP3lCzquweh3hHgV4N6d9YC9WxiOLeCw3hYKYqitjd7yi3WwRVcplC1Gtv0pSP+T9t2zpOFMvmaCBGQRAOhaB//Chxq6nII54t4e/gTqYsvEYmFIB+7BvInVSok+LK2+Kowo7i9m/5yyVprJSH2yDzBOxcakMwEUL7WpEvA0/qKukpJhHAUKr4H7SZzI+g2el/jn+vGwkJbgjc3hLf4OOqEQ+i3kmbquocD+28gdSbQKVt069lmPI0KhQmVMSrn0GeGp5vCifsupA/a8vqnuHeA1fXiunYL9i+WaIdoTUmEjdWLFOuEbLXST5Cv2C1hq1BQy/Q59FXsrofe7YbBIAi27eAiTONFVGoFbK5kkn4PuAer2pr7Erb+f9fepfSqIA7tfT5C9WJV3bHJcllehFSUl9pcuFkvq9dUP5GRmXA9FpFWJ0TsnmBvrgcuwHP8D1mP0aGUAo/I01iXf3h11wSu3nlWBQZkzcCAKcD5xvyr0AGoNQgxzzn8r2zpkLPZeEhXbv+JViVkWjdTNz2dHelKWPOJgWjW5+TrxEL/n7JuJjx8I91/dOGj2pgCRhs8ez9+n2tu8T50fB0fKXAw/aJz3xGL0aLO+kT2+DX4cGwzAiuxW91PA3tyip2xHZ+a3tumy/GCijPGJUrcru9CVKbV3Xu+vT7MICP6yhwA9T4vA5PufIYu1pq0suSrVrWcddqllKxnb/ijMZ2NBbEJfS+YlMEzMyRy6vVzU7tgxdDlRXtXNBGWUWOgqhZz2A3c4E+AYtMBsiDZvDTpq80Om2A/AWTZ0ryYUVMaGebGVa4kyWf681t4LGdlhe5rcoGZNsx3tBdRrGUlPM3g9WMJezFJJeqUBJcU/5vL1XJF8Vufp+4b9BFxj0VZDVynmuqemy7vvZHbAm68LGuFNhXWaErJB5edLXqD0nuBqCrqEOcYz3FJ7Sasi90BXDQCK2qLsDQhdtACiWLMpEuEO/LkoiHg/LKwEWlCtMiipFsUhYPV0IgMjPYZeen7xWBoS1unRQN+uUpKNbBTGv+NeQUHNGLCOzOs0qO14nRjUNJuLJhGGKdKf2M2LvotBjhCTiBbgDl41xTaPk+9+bEBKgSHPOE6QGVkXCDzUdOxsTkh60V6x7ypBKXbMPDhic2XMoIuLfm81j39JGz1bzy6O4sECCzycWeYos+aKGzbnlPRQnzUdE4WjYL5q3mPZZrdYstP/DgyCZR3lSuJZj/Fdom5Gipb+O464xT9N3NIxgpqkSfi4afej1XlAqPzwQYMuRxGvs9xvu2yHoaug42LRy5QJiWPkYyCz5b+AoxsLr5xOifcd3pLNZPaprQxchhCQhVI92DhJs1Fv9NtgkjDbi+Z05BhJd7/l0lYJ+kk=
Content-Type: multipart/alternative; boundary="_000_SJ0PR08MB8288B7C5823FC9069D83A23AFA569SJ0PR08MB8288namp_"
MIME-Version: 1.0
X-OriginatorOrg: opcfoundation.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR08MB8288.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ac82959b-50fa-4519-e1d8-08daa2bf1b83
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2022 08:38:11.0115 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2d8ef4e4-d41c-489c-8004-bb99304b60fe
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: SgxU9GgluTAPtPwS780p2y6qWADzG1ECG0PGukHPfhZmwRnhmE5IlWMdl3dqKPeQqf3Io1PeElWQa7fAsT0NC0a/+1yP9ePPF6O1HpbnAjuU/p1aJJH7YrkkIHvr6/I2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR08MB3444
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/NqgVGu_ORQKL1GuJWNktfFWl6Tc>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 08:38:21 -0000
* I think the key point here is that sometimes observability is a feature and not a bug. This is particularly important in industrial/critical infrastructure. That observability can be achieved in many ways. One question is whether the observability itself should itself be authorized. Putting backdoors into protocols is not equivalent to letting applications decide to skip encryption. A backdoor is like giving law enforcement codes to break into a cellphone and hoping that they will never abuse the power or the codes will never fall into the hands of criminals. Letting applications decide is equivalent to an owner of a cellphone choosing not to lock their screen because they decide there is nothing that needs protecting. IOW, the fact that some users might be willing to live with the risk of a compromised system by allowing for backdoors is not a reason to refuse to allow other users to make a decision send data in clear text when and only when they decide it is safe.
- Request for Authenticated but not Encrypted Traff… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Salz, Rich
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Martin Thomson
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Carsten Bormann
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Lars Eggert
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Matt Joras
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Dave Taht
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Christian Huitema
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Randy Armstrong (OPC)
- Re: Request for Authenticated but not Encrypted T… Willy Tarreau
- Re: Request for Authenticated but not Encrypted T… Paul Vixie
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- RE: Request for Authenticated but not Encrypted T… Antoine FRESSANCOURT
- Re: Request for Authenticated but not Encrypted T… Dirkjan Ochtman
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Martin Duke
- Re: Request for Authenticated but not Encrypted T… Michael Tuexen
- Re: Request for Authenticated but not Encrypted T… Roberto Peon
- Re: Request for Authenticated but not Encrypted T… Behcet Sarikaya
- Re: Request for Authenticated but not Encrypted T… Lucas Pardue
- Re: Request for Authenticated but not Encrypted T… Eliot Lear
- Re: Request for Authenticated but not Encrypted T… Phillip Hallam-Baker