回复: A non-TLS standard is needed
援北斗兮酌桂浆 <cang.mang@foxmail.com> Wed, 29 April 2020 03:31 UTC
Return-Path: <cang.mang@foxmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5863A0DA7 for <quic@ietfa.amsl.com>; Tue, 28 Apr 2020 20:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=foxmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IG1f_jrSCIfR for <quic@ietfa.amsl.com>; Tue, 28 Apr 2020 20:31:49 -0700 (PDT)
Received: from smtpbgbr2.qq.com (smtpbgbr2.qq.com [54.207.22.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C2CB3A0DA6 for <quic@ietf.org>; Tue, 28 Apr 2020 20:31:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1588131092; bh=HkqcYrqc0bGspzfsgaQ/32mZvCf3WV3HNNtqZed/3H0=; h=From:To:Subject:Mime-Version:Date:Message-ID; b=nL4zfaN5zffj1Au8nfwSOAAkpgaHp61yqqBJTRkBI9Aqf6ROs2Z4Ylykjl27LNVDM U/3CevIGA99be3Dnofm8plovt8FRsxWF1CKpJkCbAnMSfPa+2LzfLjz/GCJ0fF7KNq CMYpIBEpXjtxaY5WNbu1uL1PZz4YCzdEy4U7RyLk=
X-QQ-FEAT: qejlcniKCiKkhfgVm1FXmCXwaK/gK7yw4X1thV0srwwm9idm6fSaXwfVaTd3l QbOECvL4ozRDHorphakgP25mdT46wocu4SWQKlr2O5asQ74cQY1Psv4na9Ddoy4Itynftav +1XKqf+phtKwdkMdAgGKfUhW6TwRMiwcnv0CPKZcmR+fw/tLZ9ekXCKVfpFBryJxoyD4tzM R3DwRsTzYqNPD58ZKlP2vK3W+7UEms5qCap/TqHayykswLxRolp6XvveH8dITbk7+kFVxmE uS26Y0wA7h02B8rYBLnBHrUCB0OYgecrx0YYsFlAva+7+V
X-QQ-SSF: 0000000000000010000000000000005
X-HAS-ATTACH: no
X-QQ-BUSINESS-ORIGIN: 2
X-Originating-IP: 42.120.138.181
In-Reply-To: <2208100.KEu4SK8F6j@linux-9daj>
References: <tencent_458BB4AFD3E32DBAAEA3F09FAEF063800605@qq.com> <7C5E535B-FA7B-4039-A286-7393C3B232CE@akamai.com> <2208100.KEu4SK8F6j@linux-9daj>
X-QQ-STYLE:
X-QQ-mid: webmail715t1588131090t9914887
From: 援北斗兮酌桂浆 <cang.mang@foxmail.com>
To: Paul Vixie <paul@redbarn.org>, quic <quic@ietf.org>
Subject: 回复: A non-TLS standard is needed
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_5EA8F512_0EE24E98_23E8D759"
Content-Transfer-Encoding: 8bit
Date: Wed, 29 Apr 2020 11:31:29 +0800
X-Priority: 3
Message-ID: <tencent_A9C74BB466C7C73F64A1C54012D66E1FA706@qq.com>
X-QQ-MIME: TCMime 1.0 by Tencent
X-Mailer: QQMail 2.x
X-QQ-Mailer: QQMail 2.x
X-QQ-ReplyHash: 3833257576
X-QQ-SENDSIZE: 520
Received: from qq.com (unknown [127.0.0.1]) by smtp.qq.com (ESMTP) with SMTP id ; Wed, 29 Apr 2020 11:31:31 +0800 (CST)
Feedback-ID: webmail:foxmail.com:bgforeign:bgforeign12
X-QQ-Bgrelay: 1
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QtL62BMu0vy8JUcBnoaQFxZtA6g>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 03:31:58 -0000
The plaintext-QUIC is not used between human beings under the same sub-network. It is used between server-machines. Server-machines for solving same service in the same equipment room needn't encryption while communicating between each other. If we use QUIC for these machines communicating between each other, a non-TLS standard is needed. ------------------ 原始邮件 ------------------ 发件人: "Paul Vixie"<paul@redbarn.org>; 发送时间: 2020年4月27日(星期一) 凌晨2:56 收件人: "quic"<quic@ietf.org>; 主题: Re: A non-TLS standard is needed rich, lars, 援北斗兮酌桂浆, et al, please read below. On Sunday, 26 April 2020 16:42:11 UTC Salz, Rich wrote: > * Currently QUIC has a TLS layer, and it defines a security standard. > But we also have inner reliable network, in such network, every host knows > each other, so encryption is not necessary. If we use QUIC in such network, > the TLS layer will waste much CPU time. So I think QUIC need a standard of > non-TLS. > Lars already mentioned the charter, which is the description of what the > QUIC WG works on. Adding plaintext QUIC would require revising that, and > it would be surprising to me if there were consensus to do this. > There are also technical problems with this. For example, how does the > protocol library “know” that it’s on a secure network? How does it know > that node C isn’t trying to read messages that A sends to B? How do you > negotiate between encrypted-quic and plaintext-quic, without being > “tricked” into downgrading to plaintext over the public Internet, for > example? These are hard problems. i was directed to the following i-d when i asked about QUIC manageability: https://tools.ietf.org/html/draft-ietf-quic-manageability-06#section-3 a careful re-reading of this section shows that every possible method by which the operator of a hardened private network can detect or block QUIC flows has been foreclosed. the outcome of #section-3 is the null set. the QUIC charter has some security goals but they are all related to third parties (on-path adversaries). my security goals are more expansive than this: 1. a rent-seeking browser may prohibit content filtering or ad blocking apps from entering its store; this is the "browser-as-platform" business model. much filtering and blocking occurs in the OS, hypervisor, proxy, or firewall. 2. malicious content either passive or active, or malware, or IoT, or intruders, may wish to make contact with its mothership for tracking or command/control or exfiltration purposes. 3. an insider such as a disgruntled employee or disgruntled underaged person subject to either corporate or family controls may seek to bypass these. user centric or app centric networking is adversarial to such policies and controls. tens of billions of dollars are spent by hardened private network operators every year to detect and possibly prevent attacks of these kinds. the demand for such services won't shrink any time soon. because the QUIC model requires encryption and seeks unmanageability, those of us operating hardened private networks are in a bad position. the beyondcorp model is beyond most of us at this time, for reasons of history outside our control. with the QUIC charter as it is, it'll be broadly necessary to treat UDP itself as a privileged activity, such that whenever it occurs it's either explicitly expected or implicitly anomalous. this will force the use of an edge proxy capable of inspecting most outbound communications to enforce policy. i expect that the edge proxy will be permitted by most network policy to regenerate outbound flows using QUIC, so QUIC's advantages will be present on the long- haul and far end, just not on the near end. hardened private networks include the hypervisor on my laptop. no operating system or app i run will be allowed to communicate in any way that i can't verify using some BPF application like "tcpdump" or commercial edge protection software. i know i'm an outlier on this, but i'm far from alone. government and enterprise networks, if told to allow either unmanaged communications on their hardened private network, or to move to the beyondcorp model, will do neither: they will find a "third way", no matter what their costs. it's that third way which should concern the authors of the QUIC WG charter. we may be best served by cooperating with hardened private network operators (a first party), even though these are spectacularly similar to hardened national ISP's in authoritative regimes (a third party). anyhow, this is what went through my mind when i read 援北斗兮酌桂浆's question. since your reply and lars' reply were completely on-topic, but the question has broader implications, i thought i'd de-cloak for a moment to explain why. thank you for reading this far. -- Paul
- A non-TLS standard is needed 援北斗兮酌桂浆
- Re: A non-TLS standard is needed Lars Eggert
- Re: A non-TLS standard is needed Salz, Rich
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Töma Gavrichenkov
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Salz, Rich
- Re: A non-TLS standard is needed Lars Eggert
- Re: A non-TLS standard is needed Mirja Kuehlewind
- Re: A non-TLS standard is needed Roberto Peon
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Stephen Farrell
- Re: A non-TLS standard is needed Matt Joras
- Re: A non-TLS standard is needed Lucas Pardue
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Paul Vixie
- 回复: A non-TLS standard is needed 援北斗兮酌桂浆
- Re: A non-TLS standard is needed Mark Nottingham
- Re: 回复: A non-TLS standard is needed Paul Vixie