Re: [Tcpcrypt] New version of the charter text
marcelo bagnulo braun <marcelo@it.uc3m.es> Mon, 28 April 2014 12:17 UTC
Return-Path: <marcelo@it.uc3m.es>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F5DF1A073E for <tcpcrypt@ietfa.amsl.com>; Mon, 28 Apr 2014 05:17:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.852
X-Spam-Level:
X-Spam-Status: No, score=-104.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TlFASxTpHGGy for <tcpcrypt@ietfa.amsl.com>; Mon, 28 Apr 2014 05:16:57 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by ietfa.amsl.com (Postfix) with ESMTP id EB7FD1A070F for <tcpcrypt@ietf.org>; Mon, 28 Apr 2014 05:16:56 -0700 (PDT)
Received: from smtp01.uc3m.es (localhost [127.0.0.1]) by localhost.uc3m.es (Postfix) with ESMTP id 3D05DCC808E for <tcpcrypt@ietf.org>; Mon, 28 Apr 2014 14:16:55 +0200 (CEST)
X-uc3m-safe: yes
X-uc3m-safe: yes
Received: from [163.117.85.124] (unknown [163.117.85.124]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: marcelo@smtp01.uc3m.es) by smtp01.uc3m.es (Postfix) with ESMTPSA id 2E666B47E1D for <tcpcrypt@ietf.org>; Mon, 28 Apr 2014 14:16:55 +0200 (CEST)
Message-ID: <535E46B6.60508@it.uc3m.es>
Date: Mon, 28 Apr 2014 14:16:54 +0200
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: tcpcrypt@ietf.org
References: <53576572.5030805@it.uc3m.es> <535D636D.8050108@iang.org> <535D6BF2.6040304@it.uc3m.es> <535D76BC.4060007@cs.tcd.ie> <535DE7C6.80902@it.uc3m.es> <535E308D.2090609@iang.org>
In-Reply-To: <535E308D.2090609@iang.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-TM-AS-Product-Ver: IMSS-7.1.0.1224-7.5.0.1017-20660.007
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/a_sLkL8ms1UYYygVwzFvilZu1U0
Subject: Re: [Tcpcrypt] New version of the charter text
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 12:17:00 -0000
ok, given that we are talking about the same thing, i guess it is clear that there is no clear consensus to keep this in, so i will remove it from the charter and leave it for WG discussion El 28/04/14 12:42, ianG escribió: > On 28/04/2014 06:31 am, marcelo bagnulo braun wrote: >> El 27/04/14 23:29, Stephen Farrell escribió: >>> Hi Marcelo, >>> >>> On 27/04/14 21:43, marcelo bagnulo braun wrote: >>>> - Hooks for allowing upper layers to disable encryption must be made >>>> available. >>>> The protocol may try to avoid redundant encryption when it is >>>> possible >>>> e.g. >>>> by detecting encryption performed by upper layers (notably, when TLS >>>> is used). >>> Based on all the discussion on this so far, I'd also suggest >>> deleting this bit. I agree with Ian that the reasons for >>> including this stated so far are arm-wavy. And "detecting" >>> that higher layers are encrypting vs. compressing seems unlikely >>> in the general case too. If something is using TLS then the >>> TLS code (which normally calls the socket API I think) can >>> presumably determine if TCP Inc. would be on by default and >>> do the right thing so there's no need for TCP Inc. to do >>> anything for that case even if someone concludes that double >>> wrapping isn't what they want. >>> >>> So count me as another -1 on inclusion of the above. >> mmm, I guess i misread the previous discussion or i didnt managed to >> explain what i had in mind. >> >> Let me try to explain myself (not trying to push for this, just want to >> clarify). >> >> What i had in mind was _not_ about allowing the upper layer to disable >> the encryption in the middle of a connection. > Well, yes, I don't think anyone had that in mind. > >> What i had in mind was to allow the upper layer to say: "please for this >> connection, dont use TCP-INC, just use plain old TCP". > This is understood. I believe this will exist in implementations, > regardless, for development purposes. I also believe the smart > implementors will realise they don't need it, and nor do their users, > and that they will solve some problems by getting rid of it (which > realisation will also infect thinking about ciphersuites). > >> This is because >> the upperlayer may knwo better, for instance, it is building its onw >> security. > > If the upper layer truly knew better, it wouldn't be using TCP. > > Or, you might be saying, the upper layer is TLS. In which case the > developers are going to be really annoyed by the dual layers basically > duplicating the same thing (if tcp-crypt is any guide) and is thus shear > waste. But the users won't know any different? > > And why can't the developers spend that time turning it off (with > uncertain knowledge of whether the implementation is even there) by > instead working with the TCP-crypt layer instead of against it? > > >> If we dont provide this hook, then it is always encrypted if both ends >> support and there is nothing the upper layer can do in order to avoid it. > > Yes. But what is the problem with that? > > Obviously performance spring to mind, but many claim that is no longer > an issue. Without getting dragged into mindless academic foodfights > about citations, the point is here that performance isn't the reason it > was in 1994, when they broke HTTPS and put half the website in the > clear. I can't recall the last time I had to tweak SSH to use a faster > cipher for huge backups, it was probably late 1990s. > > Latency could be an issue with say TLS over TCP-crypt over TCP-startup. > > Secondly, you bring up dual security. Now, the nature of security is > that a security layer cannot interfere with the data being transported, > and indeed that's reflected in the charter. So it is not as if there > are going to be artifacts of interference in a proper implementation. > > Finally, it might be worth noting that it is a general NSA > recommendation that systems should be dual-encrypted where the systems > are sufficiently independent of each other. e.g., IPSec at the > point-to-point and PGP or SSH above that. FWIW. > > Point being, there is no clear MUST nor SHOULD here, this again is a > property that can and will emerge from the experimentation. > > >> Please also note that this does not allow for the peer to downgrade the >> connection or terminate encryption, as this has no impact in the wire, >> it is only at the begining of the connection. >> >> Does this clarify things? What do you think? >> >> That being said, I am perfectly fine with removing it from the charter. > > That's what is being asked. > > > > iang > > _______________________________________________ > Tcpcrypt mailing list > Tcpcrypt@ietf.org > https://www.ietf.org/mailman/listinfo/tcpcrypt >
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Scharf, Michael (Michael)
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text Tony Arcieri
- Re: [Tcpcrypt] New version of the charter text Stephen Farrell
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen