Re: [Tcpcrypt] New version of the charter text

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 27 April 2014 21:29 UTC

Message-ID: <535D76BC.4060007@cs.tcd.ie>
Date: Sun, 27 Apr 2014 22:29:32 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: marcelo bagnulo braun <marcelo@it.uc3m.es>, tcpcrypt@ietf.org
References: <53576572.5030805@it.uc3m.es> <535D636D.8050108@iang.org> <535D6BF2.6040304@it.uc3m.es>
In-Reply-To: <535D6BF2.6040304@it.uc3m.es>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/SPnJul28PWtNIjmxnGmIsOtSGN4
Subject: Re: [Tcpcrypt] New version of the charter text
Precedence: list

Hi Marcelo,

On 27/04/14 21:43, marcelo bagnulo braun wrote:
> 
> - Hooks for allowing upper layers to disable encryption must be made
> available.
>    The protocol may try to avoid redundant encryption when it is possible
> e.g.
>    by detecting encryption performed by upper layers (notably, when TLS
> is used).

Based on all the discussion on this so far, I'd also suggest
deleting this bit. I agree with Ian that the reasons for
including this stated so far are arm-wavy. And "detecting"
that higher layers are encrypting vs. compressing seems unlikely
in the general case too. If something is using TLS then the
TLS code (which normally calls the socket API I think) can
presumably determine if TCP Inc. would be on by default and
do the right thing so there's no need for TCP Inc. to do
anything for that case even if someone concludes that double
wrapping isn't what they want.

So count me as another -1 on inclusion of the above.

That said, I think that the argument for null ciphers could
still be made later (which might be one way to deal with the
wish expressed above), and I'm sure someone will inevitably
make the argument for that for debugging purposes so since
we know it'll happen we don't really need to argue about
whether that's ok or not now:-) As I've also said before,
I'd need to be convinced that those are worthwhile myself
so as of now I'd say not defining 'em is the right thing.

S.

Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
[Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text Scharf, Michael (Michael)
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text Tero Kivinen
Re: [Tcpcrypt] New version of the charter text Wesley Eddy
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text Wesley Eddy
Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
Re: [Tcpcrypt] New version of the charter text Wesley Eddy
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text ianG
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text ianG
Re: [Tcpcrypt] New version of the charter text Tony Arcieri
Re: [Tcpcrypt] New version of the charter text Stephen Farrell
Re: [Tcpcrypt] New version of the charter text ianG
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text ianG
Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
Re: [Tcpcrypt] New version of the charter text Tero Kivinen
Re: [Tcpcrypt] New version of the charter text Joe Touch
Re: [Tcpcrypt] New version of the charter text Tero Kivinen