Re: [Tcpcrypt] New version of the charter text
ianG <iang@iang.org> Sun, 27 April 2014 21:34 UTC
Return-Path: <iang@iang.org>
X-Original-To: tcpcrypt@ietfa.amsl.com
Delivered-To: tcpcrypt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3DC81A03DF for <tcpcrypt@ietfa.amsl.com>; Sun, 27 Apr 2014 14:34:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wRXYoC3JkPnc for <tcpcrypt@ietfa.amsl.com>; Sun, 27 Apr 2014 14:33:59 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) by ietfa.amsl.com (Postfix) with ESMTP id 054611A03C9 for <tcpcrypt@ietf.org>; Sun, 27 Apr 2014 14:33:59 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 4C5CA6D49C; Sun, 27 Apr 2014 17:33:55 -0400 (EDT)
Message-ID: <535D77C2.6060609@iang.org>
Date: Sun, 27 Apr 2014 22:33:54 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: tcpcrypt@ietf.org
References: <53576572.5030805@it.uc3m.es> <535D636D.8050108@iang.org> <535D6BF2.6040304@it.uc3m.es> <535D701E.6030004@iang.org> <CAHOTMVKYvgkF79YgcOQtWbALvtPNU5r22jShS+zwy0kxWGL-Xw@mail.gmail.com>
In-Reply-To: <CAHOTMVKYvgkF79YgcOQtWbALvtPNU5r22jShS+zwy0kxWGL-Xw@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/hlR5M2ii6nV5c9mUCUuNbPsJfVQ
Subject: Re: [Tcpcrypt] New version of the charter text
X-BeenThere: tcpcrypt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpcrypt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpcrypt/>
List-Post: <mailto:tcpcrypt@ietf.org>
List-Help: <mailto:tcpcrypt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpcrypt>, <mailto:tcpcrypt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Apr 2014 21:34:01 -0000
On 27/04/2014 22:07 pm, Tony Arcieri wrote: > On Sun, Apr 27, 2014 at 2:01 PM, ianG <iang@iang.org > <mailto:iang@iang.org>> wrote: > > Well. I think the RFC should list it as a MAY so that people who read > it can be alerted to the fact that they had better figure out how this > happens and make sure it never happens on their watch. > > I don't think it should be a SHOULD because I've yet to see a valid > reason for it. All of the reasons so far presented have been handwavy, > very edge-case or development only. > > And I don't see its place in the Charter. It seems like cursing the > baby before its been born. > > > I'm not even sure why it's being considered for the charter. I don't understand it either. But if you look at the tcp-crypt draft, it's firmly in there. http://tcpcrypt.org/draft-bittau-tcp-crypt.txt This may be a cultural thing. Us user folk might just not want it, but in the WG world it might be something they can't conceive of not mandating. I await with interest the reasons... However, what I'm more concerned about is that in the draft, it does the old "cipher suite negotiation" thing. I would have thought that was so obviously unrequired, but apparently not. If we have cipher suite negotiation in there, talking about the universal kill switch is rather moot because someone will slip in some bad ciphers. Interesting debates ahead I suspect. Keep your powder dry. iang > This is not > a feature offered by, say, full disk encryption software, even though > people may wind up double encrypting files. It's also proven not to be a > problem in practice, even though the need to decrypt bypasses things > like DMA. > > It seems even less important for ubiquitous network encryption, where > the network is far more likely to be the bottleneck. > > -- > Tony Arcieri
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Scharf, Michael (Michael)
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text John-Mark Gurney
- Re: [Tcpcrypt] New version of the charter text Wesley Eddy
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text Tony Arcieri
- Re: [Tcpcrypt] New version of the charter text Stephen Farrell
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text ianG
- Re: [Tcpcrypt] New version of the charter text marcelo bagnulo braun
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen
- Re: [Tcpcrypt] New version of the charter text Joe Touch
- Re: [Tcpcrypt] New version of the charter text Tero Kivinen