Re: [saag] reviews needed of draft-knodel-e2ee-definition
Eric Rescorla <ekr@rtfm.com> Thu, 29 September 2022 20:49 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C6CCC14F726 for <saag@ietfa.amsl.com>; Thu, 29 Sep 2022 13:49:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZaxkHZYBEUtS for <saag@ietfa.amsl.com>; Thu, 29 Sep 2022 13:49:38 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2061EC14CF1E for <saag@ietf.org>; Thu, 29 Sep 2022 13:49:01 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id r134so1854890iod.8 for <saag@ietf.org>; Thu, 29 Sep 2022 13:49:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=MBle81bmWk004IIvVgvuaU07DelbMtLbEz/ohhjYCgQ=; b=6/1zj9hISk7P8tojFB7HoYo6U9S9eh9j9HhxXrochhphsAG+XNLaL3G2WLCaPt8uKE 6bnCmEA9xj9rSmonAzITS9Ecs0GerkjxlaaLHk7XykvG51fKEQCw5WR+jdtDVwvaowvC WB3Et/cKNxyyKlyHHlWhL4lO42wfjekvtYBoT+tmjun+88XuQ7yK5J81BuRipRll9uRF 5RTB9ftVrEWmG+K6wUnG3q7+KPqDu+dWkIRhD8lc7eNNOTo4Av6SB//Po4p5hliW6313 vZfzRba5ozCWtcDEA7AhtmFfM2rWtXXGoRodDegA0iPtMQx6LSAS/vhAtHq8yNBHQRBd js+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=MBle81bmWk004IIvVgvuaU07DelbMtLbEz/ohhjYCgQ=; b=Doh9OofPEbE5zhBUwEZ7k0fbsHR0YwOQlc/2DZZbz89PAkUlpmrCzedfhlSwBE1ika Wnf7OJA0V6z6pcF8A+0b0rN8+mIO8ZaWyiqkzdo2pFZoMGnYqiDtSfSl9nrh/DyyOxQZ AtBIlNHedmyutv/crxrbiyli5rAUCh98wUqaO2Yx4An83lfS/qqsPHexqzGQoVRECAPp VuZnYgNyT1nXYmaqFphKcjmLPZYauppLIkcViTxUuxQisJyL0NiepcwYltzkwFk6Ml+E YhIEG7TAjF/tBR8mBfWZEtBTkQyzz4YrIlewy4BiQZ/clNaZX0kKHCA+zdmdekyVwuV0 LpnA==
X-Gm-Message-State: ACrzQf0LFCaDsNfkDY55ijxlwuJCgAQnzGZAgtX9b3v/QESvfimgmNlt ztLvo2xaUKweMgfPeSLNKhCkSM6dlKr1xSQ0Oy1CWA==
X-Google-Smtp-Source: AMsMyM6K6bIa48JpRVlKruIDExUx/A/TZb+kQ9k5gKSRTzk/Ev3UyKjyVZMNR9bEYuNiOnG3GTwz+O1CQZFmUJynuA4=
X-Received: by 2002:a05:6638:1396:b0:357:148d:8705 with SMTP id w22-20020a056638139600b00357148d8705mr2742802jad.61.1664484539823; Thu, 29 Sep 2022 13:48:59 -0700 (PDT)
MIME-Version: 1.0
References: <CAGL5yWZFpPts5VHgFHxS4xy9Z73xTTFxOac39e0t8SgigV7R8w@mail.gmail.com> <DBBPR08MB5915FDA64649AC913B855AE1FA579@DBBPR08MB5915.eurprd08.prod.outlook.com> <94e4b690-32d7-04c3-4ca1-c21f27dbeb31@lear.ch>
In-Reply-To: <94e4b690-32d7-04c3-4ca1-c21f27dbeb31@lear.ch>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Sep 2022 13:48:23 -0700
Message-ID: <CABcZeBMV41-7fabp62gnzxLC0=BHw3D-yLVh98zOfS7yB+LrvA@mail.gmail.com>
To: Eliot Lear <lear@lear.ch>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, IETF SAAG <saag@ietf.org>, "draft-knodel-e2ee-definition.authors@ietf.org" <draft-knodel-e2ee-definition.authors@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bb111f05e9d70102"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/-SNwuz-iebNB9Kq33SItkz_OsrE>
Subject: Re: [saag] reviews needed of draft-knodel-e2ee-definition
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2022 20:49:39 -0000
Document: draft-knodel-e2ee-definition-07.txt I too have concerns about this draft as-is. I reviewed a previous version of this document (-02) and I see that a number of my comments [0] still apply, but in this message I want to talk about the bigger picture, specifically what function we expect this document to serve in the IETF. The basic mismatch I see in that respect is that the IETF designs protocols and this document focuses on systems. For instance, consider three instant messaging systems: - In System 1, all messages are TLS-encrypted between clients and the server but in the clear on the server. - In System 2, everyone has an app that they use for messaging and data is encrypted all the way to the app using MLS. - System 3, is much like System 1 except that someone has built a client which runs on the server and which exposes a Web interface. Based on the text in Section 2.2, I take it that the position that this document takes is that only System 2 is E2E secure and that Systems 1 and 3 are not. While I agree that this is true from a systems level, it's not helpful in IETF, which concerns itself with designing protocols. Specifically, there is an important distinction between a protocol like MLS, which is *compatible* with a fully E2E system and a protocol like TLS, which is not--at least for messaging--though it might be E2E in other contexts. And because the IETF's job is to design protocols, having a definition which tends to elide that distinction doesn't seem very helpful for our purposes, though it might of course be useful for other purposes. I think this document would be a lot more useful if it focused on protocol functionality and the system architectures it enables; the result would be something much shorter and more targeted, but would be more applicable to the work of the IETF. -Ekr [0] https://mailarchive.ietf.org/arch/msg/secdispatch/BwmdjEnXlAjd8u4DWQgeSOKr6rA/ [1] There are, of course, settings in which TLS is used end-to-end, but that's a separate topic. On Thu, Sep 29, 2022 at 4:23 AM Eliot Lear <lear@lear.ch> wrote: > I have to agree with Hannes, and would go further. The document as it is > should not be published, and needs some refocusing. > > The problems begin in the abstract where it is not made clear what the > reader will learn. They continue into the introduction where the > motivations for the work are not stated. > > There are already far more concise definitions of end-to-end encryption. > The definition isn't the problem. Attaining end-to-end encryption and > understanding the tradeoffs and implications is at least one problem. That > is, intersecting Section 3.2 and 4 could make for a good piece of work. > Also, stuffing a definition of end-to-end security in the middle of the > document is asking for trouble. > > I could see value in exploring the relationship between the end-to-end > principle and end-to-end encryption, but that to me strikes me as an > academic exercise. If that's what the authors want to do, great. There > are portions of RFC 3742 that could be addressed. Absent that, huge > swathes of Section 2 should shrink, and that which remains needs to be far > better supported, and must support the thesis of the work. > > I could see value in exploring end-to-end encryption in the context of RFC > 8890. But that doesn't always mean that the user is quite so visible. > Think about that water coming out of your tap and the control systems > involved. > > Anyway, to quote Yogi Berra, when you come to a fork in the road, take > it. Here we are. > > Eliot > > > On 29.09.22 10:13, Hannes Tschofenig wrote: > > I have read through the document. I am curious to what event has triggered > the authors to work on it. > > > > I have been asking myself several times in the document “Why are they > writing about this issue?” > > > > Ciao > Hannes > > > > *From:* saag <saag-bounces@ietf.org> <saag-bounces@ietf.org> *On Behalf > Of * Paul Wouters > *Sent:* Wednesday, September 28, 2022 11:49 PM > *To:* IETF SAAG <saag@ietf.org> <saag@ietf.org>; > draft-knodel-e2ee-definition.authors@ietf.org > *Subject:* [saag] reviews needed of draft-knodel-e2ee-definition > > > > Hi, > > > > A few people have been working on a document to define what it means to be > end-to-end encrypted, and wrote this up in a draft. > > > > https://datatracker.ietf.org/doc/html/draft-knodel-e2ee-definition-07 > > > > I believe this work small and self-contained and would be beneficial to > the community. Please provide feedback to the list and authors. Even if you > just agree with publication, please let the list (or me) know so that we > can gather some insights on the community consensus on this draft. > > > > Authors: if you can, please respond to this message with any IPR claims or > lack there of for the public record. > > > > Paul > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > _______________________________________________ > saag mailing listsaag@ietf.orghttps://www.ietf.org/mailman/listinfo/saag > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] reviews needed of draft-knodel-e2ee-defini… Paul Wouters
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Eric Rescorla
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Fred Baker
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Paul Wouters
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Eric Rescorla
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Kathleen Moriarty
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Michael Richardson
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Hannes Tschofenig
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Eliot Lear
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Salz, Rich
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Mallory Knodel
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Viktor Dukhovni
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Fred Baker
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Eric Rescorla
- Re: [saag] [MLS] Fwd: reviews needed of draft-kno… Brendan McMillion
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Russ Housley
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Antoine FRESSANCOURT
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Harry Halpin
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Keith Moore
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Mallory Knodel
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Paul Wouters
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Keith Moore
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Paul Wouters
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Keith Moore
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Eric Rescorla
- Re: [saag] reviews needed of draft-knodel-e2ee-de… Keith Moore