Re: Request for Authenticated but not Encrypted Traffic

"Salz, Rich" <rsalz@akamai.com> Thu, 29 September 2022 22:06 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
CC: "quic@ietf.org" <quic@ietf.org>
Subject: Re: Request for Authenticated but not Encrypted Traffic
Date: Thu, 29 Sep 2022 22:06:13 +0000
Message-ID: <221F1853-32D4-4963-92E3-DB168CD23AB1@akamai.com>
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <e0c93db9-785b-fbfc-604a-5aa047d3c25b@redbarn.org> <SJ0PR08MB8288E1364214A9BCA4DBC6A5FA579@SJ0PR08MB8288.namprd08.prod.outlook.com> <MW5PR15MB51459BB0DCAD6E47A5A89C49D4579@MW5PR15MB5145.namprd15.prod.outlook.com> <SJ0PR08MB8288533C964762C760477D46FA579@SJ0PR08MB8288.namprd08.prod.outlook.com>
In-Reply-To: <SJ0PR08MB8288533C964762C760477D46FA579@SJ0PR08MB8288.namprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QSl0hAbzJpqrL9N99ljUPVXqTzY>

There are a couple of conflicting trends here. Most IETF security-related work is aimed at the public Internet, not internal enterprise. On the other hand, it makes sense to want COTS solutions and not purpose-built things. We have direct experience with users being forcibly “downgraded” when options to do that are available, which is why many participants are loath to add things like “static RSA key exchange” or “no content encryption” to the protocols developed here. As Paul alluded, you’re unlikely to find much agreement for your use-case given the perceived risks.

On the other hand, you might be able to convince your vendors to support RFC 9150 and make it a requirement in your RFPs.
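The downgrade concern in the message above is about clients and servers that are willing to negotiate integrity-only suites when they should not be. The following is an added example, not part of Rich Salz's post or any OPC Foundation or IETF code: a small Python audit that parses the cipher_suites vector of a TLS ClientHello record and reports whether either RFC 9150 integrity-only suite (TLS_SHA256_SHA256, code point 0xC0B4; TLS_SHA384_SHA384, code point 0xC0B5) is on offer. The ClientHello it inspects is constructed inline by `build_client_hello`, which is a minimal hello with no extensions and is not a complete TLS 1.3 handshake message; all function names are this example's own.

```python
"""Audit a TLS ClientHello for RFC 9150 integrity-only cipher suites.

Added example, not code from the mailing-list post. The two code points
below are the RFC 9150 suites; the sample ClientHello is constructed here
for the demonstration and omits extensions a real TLS 1.3 hello carries.
"""
import os
import struct

# RFC 9150, Section 2: TLS 1.3 suites that authenticate but do not encrypt.
INTEGRITY_ONLY_SUITES = {
    0xC0B4: "TLS_SHA256_SHA256",
    0xC0B5: "TLS_SHA384_SHA384",
}


def build_client_hello(suites):
    """Construct a minimal ClientHello record offering the given suites (sample input)."""
    body = b"\x03\x03" + os.urandom(32)          # legacy_version + 32-byte random
    body += b"\x00"                              # empty legacy_session_id
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"                          # legacy_compression_methods = [null]
    body += b"\x00\x00"                          # empty extensions (enough for this parser)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_cipher_suites(record):
    """Return the cipher-suite code points offered in a ClientHello record.

    Raises ValueError on anything that is not a well-formed ClientHello, so a
    truncated or non-handshake record is reported rather than misread.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                 # skip legacy_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                           # skip legacy_session_id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if suites_len % 2 or pos + suites_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", body[pos + i:pos + i + 2])[0]
            for i in range(0, suites_len, 2)]


def audit_client_hello(record):
    """Name any RFC 9150 integrity-only suites this client is willing to negotiate."""
    return [INTEGRITY_ONLY_SUITES[s]
            for s in parse_cipher_suites(record)
            if s in INTEGRITY_ONLY_SUITES]


if __name__ == "__main__":
    # Constructed sample: two AEAD suites (RFC 8446) plus one RFC 9150 suite.
    sample = build_client_hello([0x1301, 0x1302, 0xC0B4])
    print("offered:", [hex(s) for s in parse_cipher_suites(sample)])
    print("integrity-only suites offered:", audit_client_hello(sample))
```

Run against captured ClientHello records, a non-empty result from `audit_client_hello` marks an endpoint whose policy still permits the unencrypted suites, which is the place to apply the per-deployment restriction RFC 9150 itself expects rather than relying on the peer to refuse them.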