Re: A non-TLS standard is needed
Mark Nottingham <mnot@mnot.net> Wed, 29 April 2020 03:48 UTC
Return-Path: <mnot@mnot.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D82993A0DF4 for <quic@ietfa.amsl.com>; Tue, 28 Apr 2020 20:48:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=deqFOfQL; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=dgP5f6eB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFwENZ3NNTuv for <quic@ietfa.amsl.com>; Tue, 28 Apr 2020 20:48:53 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A72273A0DF7 for <quic@ietf.org>; Tue, 28 Apr 2020 20:48:53 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 9BD99CAC; Tue, 28 Apr 2020 23:48:51 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 28 Apr 2020 23:48:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; s=fm2; bh=iX2OYW5iCQjI8WqWQ0NN1FMKiYL nSXynl/nydouK8JY=; b=deqFOfQLKSYtsU+28dldvGgbSQ6ildIdHx3223/3trv zStvXh5NoJlEdDQ9F14fZlV0/FNVTWPl6GUqjuVt2vE8kGBOq0kHZUzhXDqMQ6Af m2YQEyg36ZQATO0zMu+ArXUjCxZbPbFT0Y4/vgKeSFz06SOeQ8TStcYc5IDqc/3L 4LObYTrtOYM0WDWeXzL3n8dIOI4a6x1NRQA7/rdCHpydtLmigQ225sNsBvLlndkA hBRlV+IVfFL4KJuAl96nN0wUDxrVtwGSh/uca3IFV09n2kD1F44otDWLW45NzncP VAqzAk71T53djXtIb1JVRO/z/FzZydERoCM3QMfaT+A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=iX2OYW 5iCQjI8WqWQ0NN1FMKiYLnSXynl/nydouK8JY=; b=dgP5f6eB65qJgvpCy9yXEV CmvfTNK3YNQ5HeCPI75gCVOyyv3iOylDR9IkQcLPGiy5kN/T/FG4XzcDkuZ6EFVa QcnJV7HQ1kiM1KMMf/iC3SLroB1ce0OAolY24IJ7HeRiPCpq/iYom1fyQT3nQOM4 fuSH7ubIDGuf5RQsRy9WuFhHBhE5kM4HeBGDhPTRAgR5EfFR6N+mLEtg8O+F3gkF IUUj6JyoRosLDzPB8wKxJ1Urzv/txOUVkWD0AXBI/9xcYmKYKDPp/oGwJGgKLGFl ESrKQ5VAPDvC2HNtQ7jut6pwU36pgjOKFZKs0+prizGIbj/pRBCChb2OZhKa89cQ ==
X-ME-Sender: <xms:IvmoXhZ6B8zmsQalD50DHOAAGPWlralMW-xltYPfvdAP2QPYuBLPcQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedriedvgdejfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurheptggguffhrfgjfffkfhfvofesrgdtmh erhhdtjeenucfhrhhomhepofgrrhhkucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhn ohhtrdhnvghtqeenucffohhmrghinhepihgvthhfrdhorhhgpdhmnhhothdrnhgvthenuc fkphepudduledrudejrdduheekrddvhedunecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:IvmoXuw9kYn4iUX9W71rLpo2-kbzxoxgN6re4fISj7ovVlkccXTmkA> <xmx:IvmoXgOH-UpId-V_7-0oIUYvq2wHOtEwpgPltuis--aQGAFemjTVTg> <xmx:IvmoXtfNvJG-mpXHjugKSySwQi73ZNRgx3PJoC7Crq1Q_QrzWuqjaw> <xmx:I_moXkL59B2N1e-V0fFfVJcIZkyNY27r8QkL22yFeqZzedL5vwQALA>
Received: from macbook-air.mnot.net (119-17-158-251.77119e.mel.static.aussiebb.net [119.17.158.251]) by mail.messagingengine.com (Postfix) with ESMTPA id CB0833065ED1; Tue, 28 Apr 2020 23:48:47 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_CCE2741E-C59A-4FCD-91B3-3DE10F72105C"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: Re: A non-TLS standard is needed
From: Mark Nottingham <mnot@mnot.net>
X-Priority: 3
In-Reply-To: <tencent_A9C74BB466C7C73F64A1C54012D66E1FA706@qq.com>
Date: Wed, 29 Apr 2020 13:48:44 +1000
Cc: quic <quic@ietf.org>
Message-Id: <96773435-8D97-4550-A040-1652E6691E35@mnot.net>
References: <tencent_458BB4AFD3E32DBAAEA3F09FAEF063800605@qq.com> <7C5E535B-FA7B-4039-A286-7393C3B232CE@akamai.com> <2208100.KEu4SK8F6j@linux-9daj> <tencent_A9C74BB466C7C73F64A1C54012D66E1FA706@qq.com>
To: 援北斗兮酌桂浆 <cang.mang@foxmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/jwbViHYfTCkoc7DzsXL3gOyUXLI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 03:48:58 -0000
> On 29 Apr 2020, at 1:31 pm, 援北斗兮酌桂浆 <cang.mang@foxmail.com> wrote: > > The plaintext-QUIC is not used between human beings under the same sub-network. > It is used between server-machines. > Server-machines for solving same service in the same equipment room needn't encryption while communicating between each other. > If we use QUIC for these machines communicating between each other, a non-TLS standard is needed. Yes, I think I've seen an illustration of a network like that: Cheers, > > ------------------ 原始邮件 ------------------ > 发件人: "Paul Vixie"<paul@redbarn.org>; > 发送时间: 2020年4月27日(星期一) 凌晨2:56 > 收件人: "quic"<quic@ietf.org>; > 主题: Re: A non-TLS standard is needed > > rich, lars, 援北斗兮酌桂浆, et al, please read below. > > On Sunday, 26 April 2020 16:42:11 UTC Salz, Rich wrote: > > * Currently QUIC has a TLS layer, and it defines a security standard. > > But we also have inner reliable network, in such network, every host knows > > each other, so encryption is not necessary. If we use QUIC in such network, > > the TLS layer will waste much CPU time. So I think QUIC need a standard of > > non-TLS. > > > Lars already mentioned the charter, which is the description of what the > > QUIC WG works on. Adding plaintext QUIC would require revising that, and > > it would be surprising to me if there were consensus to do this. > > > There are also technical problems with this. For example, how does the > > protocol library “know” that it’s on a secure network? How does it know > > that node C isn’t trying to read messages that A sends to B? How do you > > negotiate between encrypted-quic and plaintext-quic, without being > > “tricked” into downgrading to plaintext over the public Internet, for > > example? These are hard problems. > > i was directed to the following i-d when i asked about QUIC manageability: > > https://tools.ietf.org/html/draft-ietf-quic-manageability-06#section-3 > > a careful re-reading of this section shows that every possible method by which > the operator of a hardened private network can detect or block QUIC flows has > been foreclosed. the outcome of #section-3 is the null set. > > the QUIC charter has some security goals but they are all related to third > parties (on-path adversaries). my security goals are more expansive than this: > > 1. a rent-seeking browser may prohibit content filtering or ad blocking apps > from entering its store; this is the "browser-as-platform" business model. > much filtering and blocking occurs in the OS, hypervisor, proxy, or firewall. > > 2. malicious content either passive or active, or malware, or IoT, or > intruders, may wish to make contact with its mothership for tracking or > command/control or exfiltration purposes. > > 3. an insider such as a disgruntled employee or disgruntled underaged person > subject to either corporate or family controls may seek to bypass these. user > centric or app centric networking is adversarial to such policies and > controls. > > tens of billions of dollars are spent by hardened private network operators > every year to detect and possibly prevent attacks of these kinds. the demand > for such services won't shrink any time soon. > > because the QUIC model requires encryption and seeks unmanageability, those of > us operating hardened private networks are in a bad position. the beyondcorp > model is beyond most of us at this time, for reasons of history outside our > control. > > with the QUIC charter as it is, it'll be broadly necessary to treat UDP itself > as a privileged activity, such that whenever it occurs it's either explicitly > expected or implicitly anomalous. this will force the use of an edge proxy > capable of inspecting most outbound communications to enforce policy. i expect > that the edge proxy will be permitted by most network policy to regenerate > outbound flows using QUIC, so QUIC's advantages will be present on the long- > haul and far end, just not on the near end. > > hardened private networks include the hypervisor on my laptop. no operating > system or app i run will be allowed to communicate in any way that i can't > verify using some BPF application like "tcpdump" or commercial edge protection > software. i know i'm an outlier on this, but i'm far from alone. government > and enterprise networks, if told to allow either unmanaged communications on > their hardened private network, or to move to the beyondcorp model, will do > neither: they will find a "third way", no matter what their costs. > > it's that third way which should concern the authors of the QUIC WG charter. > we may be best served by cooperating with hardened private network operators > (a first party), even though these are spectacularly similar to hardened > national ISP's in authoritative regimes (a third party). > > anyhow, this is what went through my mind when i read 援北斗兮酌桂浆's question. > since your reply and lars' reply were completely on-topic, but the question > has broader implications, i thought i'd de-cloak for a moment to explain why. > > thank you for reading this far. > > -- > Paul > > -- Mark Nottingham https://www.mnot.net/
- A non-TLS standard is needed 援北斗兮酌桂浆
- Re: A non-TLS standard is needed Lars Eggert
- Re: A non-TLS standard is needed Salz, Rich
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Töma Gavrichenkov
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Salz, Rich
- Re: A non-TLS standard is needed Lars Eggert
- Re: A non-TLS standard is needed Mirja Kuehlewind
- Re: A non-TLS standard is needed Roberto Peon
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Stephen Farrell
- Re: A non-TLS standard is needed Matt Joras
- Re: A non-TLS standard is needed Lucas Pardue
- Re: A non-TLS standard is needed Paul Vixie
- Re: A non-TLS standard is needed Paul Vixie
- 回复: A non-TLS standard is needed 援北斗兮酌桂浆
- Re: A non-TLS standard is needed Mark Nottingham
- Re: 回复: A non-TLS standard is needed Paul Vixie