Re: New drafts: draft-kuehlewind-quic-manageability-00 and draft-kuehlewind-quic-applicability-00
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Thu, 23 March 2017 12:26 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C6CF1315BC for <quic@ietfa.amsl.com>; Thu, 23 Mar 2017 05:26:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q31tuadMtE-n for <quic@ietfa.amsl.com>; Thu, 23 Mar 2017 05:26:46 -0700 (PDT)
Received: from virgo02.ee.ethz.ch (virgo02.ee.ethz.ch [129.132.72.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1EDA1315D2 for <quic@ietf.org>; Thu, 23 Mar 2017 05:26:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by virgo02.ee.ethz.ch (Postfix) with ESMTP id 3vpm4n2sK2z15Ndh; Thu, 23 Mar 2017 13:26:33 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at virgo02.ee.ethz.ch
Received: from virgo02.ee.ethz.ch ([127.0.0.1]) by localhost (virgo02.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nA7uYi88x--c; Thu, 23 Mar 2017 13:26:31 +0100 (CET)
X-MtScore: NO score=0
Received: from [192.168.178.33] (p5DEC22AF.dip0.t-ipconnect.de [93.236.34.175]) by virgo02.ee.ethz.ch (Postfix) with ESMTPSA; Thu, 23 Mar 2017 13:26:31 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: New drafts: draft-kuehlewind-quic-manageability-00 and draft-kuehlewind-quic-applicability-00
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
In-Reply-To: <CABkgnnVLGcPB5_Kt73O+Xuarx9g98iGQzNtP9XnGuysxdDXSaQ@mail.gmail.com>
Date: Thu, 23 Mar 2017 13:26:30 +0100
Cc: Christian Huitema <huitema@huitema.net>, IETF QUIC WG <quic@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <59A08C0B-2AD3-4369-8274-F9E6B548D18B@tik.ee.ethz.ch>
References: <8F3C60B8-BB54-422A-8E48-747CE3F43CC0@tik.ee.ethz.ch> <CABkgnnVN9fddRpVCu0EPtA1aFED0wMDP0oFC78VPcCgQSv5K5w@mail.gmail.com> <58b235ad-a9bb-d453-0157-f874687ae241@tik.ee.ethz.ch> <CABkgnnWm5scJHEc4wv_Yj3WosJibXnc+PvyaiY_hrVLkMzFb6Q@mail.gmail.com> <771e4500-02bc-53cc-fb3c-543c9ebc39e2@huitema.net> <CABkgnnVLGcPB5_Kt73O+Xuarx9g98iGQzNtP9XnGuysxdDXSaQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/kkCKyujnRkvsZQ71rDkBBPIz7Xw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 12:26:49 -0000
I think one thing we easily can say it that if you fall back to TCP, you MUST fallback to TLS over TCP. > Am 22.03.2017 um 01:34 schrieb Martin Thomson <martin.thomson@gmail.com>: > > On 22 March 2017 at 10:30, Christian Huitema <huitema@huitema.net> wrote: >> I am not sure that security expectations for DNS over QUIC should be >> lower. I would expect DNS over QUIC to match the security of DNS over >> TLS (RFC 7858). > > I did assumed that that did not exist, which might be unfair. > >> We need consider the "game theory" aspects of any downgrade. If we allow >> fall back to a non encrypted alternative, then we reward the attackers. >> They block QUIC, observe the protocol silently switching to clear text, >> get access to the data that they are seeking, and all that without >> causing too many customer complaints. On the other hand, if blocking >> QUIC just blocks the service, customers will complain, to the service >> providers of course, but also very quickly to the intermediaries that >> set the block. For these blockers, the support cost will be much higher. >> And that means they will be less likely to block random services. > > An excellent point. Though you are condoning a denial of service > attack of a sort. Not sure where I stand on the morality of that. >
- New drafts: draft-kuehlewind-quic-manageability-0… Mirja Kühlewind
- Re: New drafts: draft-kuehlewind-quic-manageabili… Martin Thomson
- Re: New drafts: draft-kuehlewind-quic-manageabili… Mirja Kühlewind
- Re: New drafts: draft-kuehlewind-quic-manageabili… Martin Thomson
- Re: New drafts: draft-kuehlewind-quic-manageabili… Christian Huitema
- Re: New drafts: draft-kuehlewind-quic-manageabili… Martin Thomson
- Re: New drafts: draft-kuehlewind-quic-manageabili… Mirja Kühlewind