Re: [saag] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt
Phillip Hallam-Baker <phill@hallambaker.com> Sat, 09 November 2019 17:41 UTC
To: Eric Rescorla <ekr@rtfm.com>
Cc: tsvwg IETF list <tsvwg@ietf.org>, IETF SAAG <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/VLvrAx1qOvRJyfE2XfaWQJSWuiw>

People have asked me for an infographic to illustrate my point. Well, I only have text here.

Encryption is like a too-short blanket when you are trying to sleep in bed. If you pull it up over your shoulders, you get cold toes. If you cover your feet, the rest of you gets cold. There is nowhere that you can put that blanket that is going to keep all of you warm and they only come in one size. So what you need is more blankets.

If we only have one layer of encryption for headers and payload, it is all or nothing. If the payload is encrypted inside the encrypted transport, we can strip off the transport encryption with much less risk.

And that is part of what we will be discussing in the MATHMESH BOF in the first session of the first day in Singapore.