IETF Logo Mail Archive

Re: Request for Authenticated but not Encrypted Traffic

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 30 September 2022 02:51 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9E37C15257B for <quic@ietfa.amsl.com>; Thu, 29 Sep 2022 19:51:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.409
X-Spam-Level:
X-Spam-Status: No, score=-6.409 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fGLhbOFMQPmL for <quic@ietfa.amsl.com>; Thu, 29 Sep 2022 19:51:33 -0700 (PDT)
Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 370E1C152579 for <quic@ietf.org>; Thu, 29 Sep 2022 19:51:33 -0700 (PDT)
Received: by mail-oo1-f45.google.com with SMTP id k10-20020a4ad10a000000b004756ab911f8so1391972oor.2 for <quic@ietf.org>; Thu, 29 Sep 2022 19:51:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=emTpmhI4MKrd0Jgtp7s86BsjfDwJLZHtq+LJsSByUnA=; b=WAOH1GnmROHLz/a22NvUOMKZG2rr2Zg6avTMotyb/MOkFcn9btusYmHAk7087z/KnV B/92gCtQr9rY+Civh31Et2reIKkdIi9wFD12UWLPLabIjTzkpPuAU7fO6DsW7VbgyA1B tLuzQ2XfLlAGmNebNEtC4/NcW3spxTtS1zV39fLYrhbCkTEt3QVm+N/5543Yq0AKYtQI gtug9W2+lLI19RKE7fsXcTU4bF4XQg3aXNWVsm5EKMI4vANqUHhS055wEgQPjPjtnwDz cWxEHQ2Gr+5L/7CCZBpfHoS1/IL+OFr/hxqkzv/sMDOUzn1hrnVwf0I1jhjXBrUYrYkj ZsNQ==
X-Gm-Message-State: ACrzQf2+hGqMVWAxeTiNNQKD/YQd+plxTemYeHchnt9p/DsfJ6PGWSNd ER/bah9W/7Vfb+dRvYoBPB9FnWkZEgBCmcyr28s=
X-Google-Smtp-Source: AMsMyM6MaPjTShDOvXOmCbpLqhnmDWWNkgNizXqwbbo7jWuXAz7DBd07x19fXzrPKzNL7WC+06toYmOUgfo9zgbQnBI=
X-Received: by 2002:a9d:ec1:0:b0:65c:2ec6:d3b5 with SMTP id 59-20020a9d0ec1000000b0065c2ec6d3b5mr2791406otj.93.1664506292112; Thu, 29 Sep 2022 19:51:32 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com>
In-Reply-To: <SJ0PR08MB82889F488CCA7D8FC4997ACEFA579@SJ0PR08MB8288.namprd08.prod.outlook.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 29 Sep 2022 22:51:20 -0400
Message-ID: <CAMm+Lwh1DWyVNL7M6q0gAS77HyN5KXRa3cNn732ivbAMGSFVDg@mail.gmail.com>
Subject: Re: Request for Authenticated but not Encrypted Traffic
To: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
Cc: "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000044914f05e9dc126f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/iduP4IVDI9RYVCSdSBr2UDDfaVE>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 02:51:33 -0000

I see a requirement here being presented as an implementation.

The requirement is the ability of an authorized party within the network to
observe network traffic for debugging purposes. That is a very normal
requirement in process control. Process control networks are typically run
in a fashion that most IETF-ers would find unusual. The networks are
typically very quiet with absolutely no extraneous traffic. The traffic is
typically unencrypted so that systems can be monitored continuously.

The overriding objective is to protect integrity and availability.
Confidentiality is not (typically) considered a concern. The problem being
that a lot of systems depend on confidentiality of certain data to provide
for integrity. Particularly to protect against replay attacks. So I don't
think turning off encryption entirely is the right move.

A better approach for this particular requirement is to have a mechanism
which uses encryption but explicitly provides the necessary observer
decryption capabilities. But that approach has been repeatedly rejected in
IETF.



On Thu, Sep 29, 2022 at 8:31 AM Randy Armstrong (OPC) <
randy.armstrong@opcfoundation.org> wrote:

> The OPC Foundation is looking at deploying QUIC within factories as means
> for different OT devices to communicate with each other. In this
> environment, factory owners often wish to monitor traffic to check for
> anomalies. Encryption prevents this.
>
>
>
> For this reason, an authentication only option is essential to making QUIC
> a viable choice for communication within factories.
>
>
>
> Regards,
>
>
>
> Randy Armstrong
>
> OPC UA Security WG Chair
>
>

v2.23.0 | Report a Bug | By Email