Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

ianG <iang@iang.org> Sat, 01 August 2015 01:21 UTC

Message-ID: <55BC1F00.9030702@iang.org>
Date: Sat, 01 Aug 2015 02:21:04 +0100
From: ianG <iang@iang.org>
To: saag@ietf.org
References: <313da830.6be8.14ed8564467.Coremail.lilishan48@126.com> <m2mvyfh1re.wl%randy@psg.com> <55B8A692.8080409@cs.tcd.ie> <m2a8ufgpjn.wl%randy@psg.com>
In-Reply-To: <m2a8ufgpjn.wl%randy@psg.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/zQuUhuQ_xNdF8JayOlRUYVid8KA>
Subject: Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt
List-Id: Security Area Advisory Group <saag.ietf.org>

On 29/07/2015 12:40 pm, Randy Bush wrote:
> TOFU is a bit oxymoronic, or certainly abuses 'trust'.  it is more like
> You Undergo Big Attack.  it just gives you some assurance the attacker
> is reproducible.
>
> but this is a tangent.  the point is that protocols which rely on
> keying really need to nail the key distribution model(s).
>
> while tofu may be one, is it really one that security folk think the
> ietf should advocate for set-up authenticity?


Hell yeah!  It's worked to deliver pretty much 100% security &/= availability for the worlds that use it.

The balance we want is TOFU every time, all the time, with the option of upgrading to something stronger if the user cares.


> it's not how i want to
> make the wsj; and coffee shop mitm will be in the wsj soon enough.


Oddly - coffee shops & pubs in the UK have been MITMing routinely for at least a couple of years that I've noticed.  Shocking really, but nobody seems to care.  The trick is to find a coffee house that has its own WiFi - and gives you a password.  The ones with franchise WiFis are all doing MITMs as far as I can see.



iang
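The two positions in this exchange, TOFU as the default with an optional upgrade to out-of-band verification, and Randy's objection that TOFU only guarantees the attacker is "reproducible", can both be seen in a small pin store. The following is an added example and not code from draft-cui-dhc-dhcpv6-encryption or from either poster; the server identity `dhcp6.example`, the key bytes and the result strings are constructed for illustration, and the "out-of-band" fingerprint stands in for whatever stronger channel (a printed fingerprint, a signed record, a CA) a deployment might offer.

```python
"""TOFU (trust on first use) key pinning with an optional out-of-band upgrade.

Added example for the saag thread; not code from the DHCPv6 encryption draft.
Keys, server identities and result strings are all constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict


def fingerprint(pubkey: bytes) -> str:
    """Hex SHA-256 fingerprint of a raw public key (any encoding will do here)."""
    return hashlib.sha256(pubkey).hexdigest()


@dataclass
class PinStore:
    """server identity -> pinned fingerprint, plus whether the pin was
    confirmed over a stronger channel (the 'upgrade if the user cares' path)."""
    pins: Dict[str, str] = field(default_factory=dict)
    verified: Dict[str, bool] = field(default_factory=dict)

    def check(self, server_id: str, presented_key: bytes) -> str:
        """Plain TOFU: pin on first sight, accept on match, alarm on change."""
        fp = fingerprint(presented_key)
        pinned = self.pins.get(server_id)
        if pinned is None:
            # First use: whoever answers first gets pinned, attacker included.
            self.pins[server_id] = fp
            self.verified[server_id] = False
            return "pinned-on-first-use"
        if pinned == fp:
            return "match-verified" if self.verified[server_id] else "match-tofu"
        return "MISMATCH"

    def verify_out_of_band(self, server_id: str, expected_fp: str) -> bool:
        """Upgrade step: compare the pin with a fingerprint learned elsewhere.
        Returns True if the first-use pin was genuine. If not, the pin is
        replaced with the verified one, which is the only way TOFU ever
        recovers from an attacker who was present on the first contact."""
        if self.pins.get(server_id) == expected_fp:
            self.verified[server_id] = True
            return True
        self.pins[server_id] = expected_fp
        self.verified[server_id] = True
        return False


# Constructed key material; a real client would pin the key carried in the
# server's reply (e.g. a DHCPv6 server's public key), not these strings.
REAL_KEY = b"constructed-real-server-public-key"
MITM_KEY = b"constructed-attacker-public-key"


def scenario_late_mitm():
    """The case TOFU handles well: an attacker who shows up after first use."""
    store = PinStore()
    first = store.check("dhcp6.example", REAL_KEY)
    again = store.check("dhcp6.example", REAL_KEY)
    attacked = store.check("dhcp6.example", MITM_KEY)
    return (first, again, attacked)


def scenario_first_use_mitm():
    """Randy's case: the attacker is present on first use and becomes
    'reproducible'. Only the out-of-band upgrade exposes it."""
    store = PinStore()
    first = store.check("dhcp6.example", MITM_KEY)
    again = store.check("dhcp6.example", MITM_KEY)   # looks fine to plain TOFU
    genuine = store.verify_out_of_band("dhcp6.example", fingerprint(REAL_KEY))
    real_now = store.check("dhcp6.example", REAL_KEY)
    mitm_now = store.check("dhcp6.example", MITM_KEY)
    return (first, again, genuine, real_now, mitm_now)


if __name__ == "__main__":
    print("late MITM     :", scenario_late_mitm())
    print("first-use MITM:", scenario_first_use_mitm())
```

Run stand-alone it prints the outcome of both scenarios. The second scenario is the whole argument in one tuple: the attacker's key is pinned and accepted on every later contact until the out-of-band check returns False, after which the genuine key is accepted and the attacker's key is the one that trips "MISMATCH".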