Re: Quic: the Elephant in the Room

Michael Thomas <mike@mtcc.com> Wed, 21 April 2021 16:56 UTC

Subject: Re: Quic: the Elephant in the Room
To: Lars Eggert <lars@eggert.org>
Cc: Eric Rescorla <ekr@rtfm.com>, Phillip Hallam-Baker <phill@hallambaker.com>, Matt Joras <matt.joras@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, David Schinazi <dschinazi.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>
References: <311e3e67-2e87-1650-22b3-614378fbf88f@mtcc.com> <CADdTf+jRMfNo1EiFBj-fOeZJkKM2TCvN9yJFEmJEVcZj5JMD_Q@mail.gmail.com> <e5856173-5c7a-1f2b-3be0-b2a155786ff8@mtcc.com> <CALGR9oY0-aVT+Hv0gj45pxwH7zxTw=TVpQGqCVC2NFCa+y16JA@mail.gmail.com> <4191ed66-11e4-7ac6-bd0d-d4713dd0873b@mtcc.com> <CAPDSy+6rWkgB49RKThFCsBLdMjquBBX9=h-Mz9AMAknu=2KhEA@mail.gmail.com> <2c400bd6-30cf-c46f-6e87-9ca62ef25ed2@mtcc.com> <CAPDSy+55oPNi8DBkQO+XGyrBMMB4kMLtVnDVU75Myh116jnwbw@mail.gmail.com> <CABcZeBPDDLbOkVDLQy0JkOBDrOXop6RORQ5YQYdKxJ4QLg+6LQ@mail.gmail.com> <CAMm+LwiDA-DWCPwB+N-dxTs-cuQrtaKb=_wtc-CP=Ckn4_sg7g@mail.gmail.com> <9b21b764-bdd4-7d1c-a89f-b7d2e947fdb8@mtcc.com> <CABcZeBNW3zShZU=HrQA=oKr82UeNTQEr3P=9GkpnFgzaJoG19A@mail.gmail.com> <7a0f6733-d084-0d2b-d054-a3ed5890cdbd@mtcc.com> <B557B8E7-45ED-4BE1-8ECB-E65826E04DF9@eggert.org> <513baf35-5ec5-e9f1-95a3-0bb1547c08be@mtcc.com> <8BA5A095-268D-494B-A272-D43B5CA5F7F4@eggert.org>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <11194e47-bf5d-13b4-3df0-20565472722a@mtcc.com>
Date: Wed, 21 Apr 2021 09:56:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/b-jLxu_cNFAuV0_IJn_zJOlsGKs>

On 4/21/21 9:46 AM, Lars Eggert wrote:
>
>> I also got told that signing a zone is tantamount to "boiling the ocean".
>
> You're misquoting David. He said:
>
> On 2021-4-20, at 20:20, David Schinazi <dschinazi.ietf@gmail.com> wrote:
>> I'm not saying that a 3-packet handshake would be bad, I'm saying
>> that it's not worth boiling the ocean to remove 2 packets.
>
> Nowhere in that sentence or the rest of David's email do I see any mention of signing zones.

> Again, not a topic for *this* mailing list.

Chrome has already implemented DANE once upon a time. The only thing 
left is for Google to DNSSEC sign their zone. That's it. If there is 
something else, I'm all ears.

And I am asking in your capacity as IETF chair if signing your zone is 
tantamount to "boiling the ocean". Taken at face value, that is a 
stunning indictment.

Mike
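Editor's added example, not part of Mike's message or any browser's code: a minimal DANE-EE (usage 3) matcher in the style of RFC 6698, showing the step that makes zone signing the gating requirement. A client may only act on TLSA records that were DNSSEC-validated; records from an unsigned zone must be treated as absent, and the client falls back to plain PKIX. The certificate and SubjectPublicKeyInfo bytes below are constructed placeholders, not real DER, and only the hash-matching part of DANE is shown (usages 0 to 2 would additionally need PKIX chain checks).

```python
"""Added example (not from the original message): DANE-EE/TLSA matching
per RFC 6698, with the DNSSEC-validation precondition made explicit.
All certificate/SPKI bytes and TLSA records here are constructed sample data.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# RFC 6698 field values
USAGE_PKIX_TA, USAGE_PKIX_EE, USAGE_DANE_TA, USAGE_DANE_EE = 0, 1, 2, 3
SELECTOR_FULL_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    matching: int
    data: bytes

    @classmethod
    def parse(cls, presentation: str) -> "TLSA":
        """Parse presentation format, e.g. '3 1 1 2bb183af...' (hex may be split by spaces)."""
        usage, selector, matching, *hexparts = presentation.split()
        return cls(int(usage), int(selector), int(matching), bytes.fromhex("".join(hexparts)))


def association_data(selector: int, matching: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute what the TLSA 'certificate association data' must equal for this cert."""
    if selector == SELECTOR_FULL_CERT:
        subject = cert_der
    elif selector == SELECTOR_SPKI:
        subject = spki_der
    else:
        raise ValueError(f"unknown selector {selector}")
    if matching == MATCH_EXACT:
        return subject
    if matching == MATCH_SHA256:
        return hashlib.sha256(subject).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(subject).digest()
    raise ValueError(f"unknown matching type {matching}")


def dane_ee_match(rrs: List[TLSA], dnssec_validated: bool,
                  cert_der: bytes, spki_der: bytes) -> Optional[TLSA]:
    """Return the first DANE-EE (usage 3) record the end-entity certificate satisfies.

    RFC 6698 section 4.1: a TLSA RRset that did not validate under DNSSEC
    (for example because the zone is unsigned) must not be used, so the
    result is None and the client falls back to ordinary PKIX validation.
    """
    if not dnssec_validated:
        return None
    for rr in rrs:
        if rr.usage != USAGE_DANE_EE:
            continue  # usages 0-2 also require PKIX/chain checks; not shown here
        try:
            if association_data(rr.selector, rr.matching, cert_der, spki_der) == rr.data:
                return rr
        except ValueError:
            continue  # unusable record (unknown selector/matching type), skip it
    return None


# Constructed stand-in bytes; NOT real DER certificates or keys.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"sample-cert-body" * 4
SAMPLE_SPKI_DER = b"\x30\x59" + b"sample-spki-body" * 2


def sample_records() -> List[TLSA]:
    """The TLSA RRset a zone operator might publish for the sample key: '3 1 1 <sha256(spki)>'."""
    digest = hashlib.sha256(SAMPLE_SPKI_DER).hexdigest()
    return [TLSA.parse(f"3 1 1 {digest}")]


if __name__ == "__main__":
    rrs = sample_records()
    print("signed zone   ->", dane_ee_match(rrs, True, SAMPLE_CERT_DER, SAMPLE_SPKI_DER) is not None)
    print("unsigned zone ->", dane_ee_match(rrs, False, SAMPLE_CERT_DER, SAMPLE_SPKI_DER) is not None)
```

With the same record and certificate, the only input that flips the outcome from "matched" to "ignored, use PKIX" is the `dnssec_validated` flag; a resolver that returns the RRset without the AD bit, or a zone that is not signed at all, makes the TLSA data irrelevant no matter how correct it is.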