IETF Logo Mail Archive

Re: Quic: the Elephant in the Room

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 21 April 2021 17:03 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE3CA3A2FBB for <quic@ietfa.amsl.com>; Wed, 21 Apr 2021 10:03:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DecXBoHm-Al for <quic@ietfa.amsl.com>; Wed, 21 Apr 2021 10:03:55 -0700 (PDT)
Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com [209.85.219.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 122303A2F9D for <quic@ietf.org>; Wed, 21 Apr 2021 10:03:51 -0700 (PDT)
Received: by mail-yb1-f169.google.com with SMTP id 130so4221522ybd.10 for <quic@ietf.org>; Wed, 21 Apr 2021 10:03:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GQ6lJ/TxPbmYlQocBBo0aVUsSofh9vyUY4m7vFjeMK4=; b=KCQ22dnfK/o3HxHwB5ng/8wS3AGjOrCXguI/P+ICDH55WDOEhZHadfRuOnmN+Umbrr /mZR6iZpzSg7yW/f14XvgwH8meusF/FJMIGWnbEcxSVz0WqOUahh1WpiDRVR+8+zQHlm fiKTlbkE9D3zv9u68qiqM9PYIPawaoJMzGxNQ2e2CyaM7V4XGB4Tw5vo+ynubAwKHeUC 0MDx8gjxyrkuwo324/AgCi6iVC51rTrr3i0V4UihXFSjX4GCd2/jYzeckAwteKjVRWBm fvB7JecZ86TVwS+jcNIqkdC6PtfTGQFNPLqlnJQl8NX5Kz7t1V5LC8QLFs8sslF6l84w PpbQ==
X-Gm-Message-State: AOAM5314nnF+JM+4CSScL6oy4Hymp6ju7gCHLgJfF3kMd9KWfGb49KEu RjL74wlnu4A+hOzHvu9MU1kukrtdhghQ9mMAkImfsnFltAuvKg==
X-Google-Smtp-Source: ABdhPJwfTufjVtvffjdGC/INWNlgRdMDEG1rLsBe0g6pIZIKRLcQ8fVbiBOwjYm7JUiDIkp05pL5uv3vq+15f6xBMT8=
X-Received: by 2002:a5b:48c:: with SMTP id n12mr35442889ybp.273.1619024631179; Wed, 21 Apr 2021 10:03:51 -0700 (PDT)
MIME-Version: 1.0
References: <311e3e67-2e87-1650-22b3-614378fbf88f@mtcc.com> <CADdTf+jRMfNo1EiFBj-fOeZJkKM2TCvN9yJFEmJEVcZj5JMD_Q@mail.gmail.com> <e5856173-5c7a-1f2b-3be0-b2a155786ff8@mtcc.com> <CALGR9oY0-aVT+Hv0gj45pxwH7zxTw=TVpQGqCVC2NFCa+y16JA@mail.gmail.com> <4191ed66-11e4-7ac6-bd0d-d4713dd0873b@mtcc.com> <CAPDSy+6rWkgB49RKThFCsBLdMjquBBX9=h-Mz9AMAknu=2KhEA@mail.gmail.com> <2c400bd6-30cf-c46f-6e87-9ca62ef25ed2@mtcc.com> <CAPDSy+55oPNi8DBkQO+XGyrBMMB4kMLtVnDVU75Myh116jnwbw@mail.gmail.com> <CABcZeBPDDLbOkVDLQy0JkOBDrOXop6RORQ5YQYdKxJ4QLg+6LQ@mail.gmail.com> <CAMm+LwiDA-DWCPwB+N-dxTs-cuQrtaKb=_wtc-CP=Ckn4_sg7g@mail.gmail.com> <9b21b764-bdd4-7d1c-a89f-b7d2e947fdb8@mtcc.com> <CABcZeBNW3zShZU=HrQA=oKr82UeNTQEr3P=9GkpnFgzaJoG19A@mail.gmail.com> <7a0f6733-d084-0d2b-d054-a3ed5890cdbd@mtcc.com> <B557B8E7-45ED-4BE1-8ECB-E65826E04DF9@eggert.org> <513baf35-5ec5-e9f1-95a3-0bb1547c08be@mtcc.com> <8BA5A095-268D-494B-A272-D43B5CA5F7F4@eggert.org> <11194e47-bf5d-13b4-3df0-20565472722a@mtcc.com>
In-Reply-To: <11194e47-bf5d-13b4-3df0-20565472722a@mtcc.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 21 Apr 2021 13:03:41 -0400
Message-ID: <CAMm+LwhTKH67xLqUJwbO=gerEjW+BqiGNuCFcO1Ahowg8RgY5w@mail.gmail.com>
Subject: Re: Quic: the Elephant in the Room
To: Michael Thomas <mike@mtcc.com>
Cc: Lars Eggert <lars@eggert.org>, Eric Rescorla <ekr@rtfm.com>, Matt Joras <matt.joras@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, David Schinazi <dschinazi.ietf@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000062cbb05c07e8c03"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/nZEdnxTUZnaKVl9dGJDhFblVbL8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2021 17:04:03 -0000

On Wed, Apr 21, 2021 at 12:56 PM Michael Thomas <mike@mtcc.com> wrote:

>
> On 4/21/21 9:46 AM, Lars Eggert wrote:
> >
> > I also got told that signing a zone is tantamount to "boiling the ocean".
> > You're misquoting David. He said:
> >
> > On 2021-4-20, at 20:20, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> >> I'm not saying that a 3-packet handshake would be bad, I'm saying
> >> that it's not worth boiling the ocean to remove 2 packets.
> > Nowhere in that sentence or the rest of David's email do I see any
> mention of signing zones.
>
>   > Again, not a topic for *this* mailing list.
>
> Chrome has already implemented DANE once upon a time. The only thing
> left is for Google to DNSSec sign their zone. That's it. If there is
> something else, I'm all ears.
>

It is very rare that I make an assertion on a public mailing list and refer
to reasons I am not prepared to discuss in public but I am going to do that
on this occasion.

There are very good reasons why Google and other large international
network service providers should not sign their DNSSEC zones. Securing the
Internet is about rather more than securing the Internet.

v2.23.0 | Report a Bug | By Email