Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

Randy Bush <randy@psg.com> Wed, 29 July 2015 11:40 UTC

Date: Wed, 29 Jul 2015 20:40:28 +0900
Message-ID: <m2a8ufgpjn.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/72ftDfRVH9du2Sl3tvGUUEtH0bk>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

TOFU is a bit oxymoronic, or certainly abuses 'trust'.  it is more like
You Undergo Big Attack.  it just gives you some assurance the attacker
is reproducible.  

but this is a tangent.  the point is that protocols which rely on
keying really need to nail the key distribution model(s).  

while tofu may be one, is it really one that security folk think the
ietf should advocate for set-up authenticity?  it's not how i want to
make the wsj; and coffee shop mitm will be in the wsj soon enough.

randy
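
[Added example, not part of the original message or of the draft under discussion: a minimal trust-on-first-use pin store, showing why a pin only tells the client that the peer is the same one it met at set-up. The class, the function names, the "dhcp-server" identity and both key byte strings are constructed for illustration.]

```python
import hashlib

# Constructed sample keys: stand-ins for real public-key encodings.
SERVER_KEY = b"constructed-legitimate-server-public-key"
ATTACKER_KEY = b"constructed-on-path-attacker-public-key"


class TofuStore:
    """Pins the SHA-256 fingerprint of the first key seen per identity."""

    def __init__(self):
        self.pins = {}

    def check(self, identity, public_key):
        fingerprint = hashlib.sha256(public_key).hexdigest()
        pinned = self.pins.get(identity)
        if pinned is None:
            # First use: nothing authenticates this key, it is simply stored.
            self.pins[identity] = fingerprint
            return "pinned-on-first-use"
        return "match" if pinned == fingerprint else "MISMATCH"


def observe(keys_presented):
    """Return what a fresh client sees for a sequence of presented keys."""
    store = TofuStore()
    return [store.check("dhcp-server", key) for key in keys_presented]


def clean_setup():
    # Real server at first contact; an on-path attacker shows up later.
    return observe([SERVER_KEY, SERVER_KEY, ATTACKER_KEY])


def attacked_setup():
    # Attacker already on path at first contact; real server seen later.
    return observe([ATTACKER_KEY, ATTACKER_KEY, SERVER_KEY])


if __name__ == "__main__":
    print("clean set-up:   ", clean_setup())
    print("attacked set-up:", attacked_setup())
```

Both runs produce the same sequence of results, so the client cannot tell from the pin alone which of the two set-ups it went through; in the second, the warning fires on the legitimate server.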