IETF Logo Mail Archive

Re: [Secdispatch] The Mathematical Mesh

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 23 April 2019 20:22 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F313F12013D for <secdispatch@ietfa.amsl.com>; Tue, 23 Apr 2019 13:22:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 75IRZUff7cpJ for <secdispatch@ietfa.amsl.com>; Tue, 23 Apr 2019 13:22:31 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2813A120344 for <secdispatch@ietf.org>; Tue, 23 Apr 2019 13:22:31 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [75.98.19.133]) by relay.sandelman.ca (Postfix) with ESMTPS id D51CB1F457 for <secdispatch@ietf.org>; Tue, 23 Apr 2019 20:22:29 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id B8A5E3B51; Tue, 23 Apr 2019 16:14:47 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: secdispatch@ietf.org
In-reply-to: <CAMm+LwiF3iGiRO5reW4KCgf8vp=Kv=+4pD+_rGOcxEsD1Hxk4g@mail.gmail.com>
References: <CAMm+LwiF3iGiRO5reW4KCgf8vp=Kv=+4pD+_rGOcxEsD1Hxk4g@mail.gmail.com>
Comments: In-reply-to Phillip Hallam-Baker <phill@hallambaker.com> message dated "Mon, 22 Apr 2019 12:58:11 -0400."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Tue, 23 Apr 2019 16:14:47 -0400
Message-ID: <31215.1556050487@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/BPa_tzvtFROx8M-GlGcI2qOQA90>
Subject: Re: [Secdispatch] The Mathematical Mesh
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 20:22:34 -0000

I have been reading Phill's work off and on as he has progressed over a few
years.  I think that Richard Barnes' question, "who will implement this"
is relevant, but I prefer not to take it too strongly at this point.
We have published many things that seemed to have multi-vendor support, which
went nowhere, and some things that are uni-vendor (TACACS..) which are widely
used. 

BOF's attempt to establish such things, and at this point, I don't think
it is time for an IETF BOF yet.

Often things happen in the open source space and by the time it's clear that
it is popular, serious protocol mistakes have occured.  For instance, the
Matrix system had a version issue early on, and clearly would have benefitted
From having an open specification around it, and it probably could have
benefitting (maybe it is...) from our MLS work. 
   https://lwn.net/Articles/779331/
   (google found me this, while I was searching for this article.
   Looks like implementation not specification issue
      https://thehackernews.com/2019/04/france-Tchap-secure-messenger.html

Here are the directions (not mutually exclusive) that I suggest we consider:

1) an IRTF group. (We did this with HIP for instance)
2) publish some of the foundational documents as AD sponsor
3) thank PHB for his work, ask him to do an IAB plenary talk on it,
   and update us in 18 months.
4) Informational via the ISE.   

Having said this, I want to use the udf: mechanism to avoid sending large
IDevIDs across constrained networks (whether with DTLS or EDHOC).  I'm sure
that I can cook up something else, but it won't be as general.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email