Re: A non-TLS standard is needed

Roberto Peon <fenix@fb.com> Mon, 27 April 2020 17:25 UTC

From: Roberto Peon <fenix@fb.com>
To: Lars Eggert <lars@eggert.org>, Paul Vixie <paul@redbarn.org>
CC: quic <quic@ietf.org>
Subject: Re: A non-TLS standard is needed
Thread-Topic: A non-TLS standard is needed
Thread-Index: AQHWG6JtH0h9pIE/YUSie8ZfEjoi7qiLm/6AgAAlkoCAARzmAP//5paA
Date: Mon, 27 Apr 2020 17:25:24 +0000
Message-ID: <0DD20AA3-47B0-4E28-BC91-1E32337E80B6@fb.com>
References: <tencent_458BB4AFD3E32DBAAEA3F09FAEF063800605@qq.com> <7C5E535B-FA7B-4039-A286-7393C3B232CE@akamai.com> <2208100.KEu4SK8F6j@linux-9daj> <72518FA2-4D02-4498-BFED-C6F694C5687A@eggert.org>
In-Reply-To: <72518FA2-4D02-4498-BFED-C6F694C5687A@eggert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Uq7fMfdoKhfkCOJd7PqhrXAXlDU>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

Trusting your hosts is not the same as trusting your network. It isn't that difficult to get an observer 3rd party on/into the supposedly secure network.
The larger the network, the easier that is to do.

We'll have forgotten some interesting moderately recent episodes in Internet and IETF history if we go down the plaintext route, and so I'd be surprised if there was consensus around this (as others have said).

-=R

On 4/27/20, 4:57 AM, "QUIC on behalf of Lars Eggert" <quic-bounces@ietf.org on behalf of lars@eggert.org> wrote:

    Hi Paul,
    
    this is definitely a broader discussion - it's popping up in other places as well.
    
    The IETF can certainly have this discussion somewhere, but the QUIC list is probably not the right home for it, esp. not as we've entered the home stretch with regards to closing the final open issues that will let us WGLC the current specs.
    
    Lars