Re: [Tcpcrypt] Initial questions

Joe Touch <touch@isi.edu> Fri, 20 June 2014 22:24 UTC

Message-ID: <53A4B462.7010106@isi.edu>
Date: Fri, 20 Jun 2014 15:23:30 -0700
From: Joe Touch <touch@isi.edu>
To: ianG <iang@iang.org>, tcpcrypt@ietf.org
References: <CACXcFmmQCgTu6-QLJZdH8Q+ZST97ugoTaUWCUV0S6AWsjvCGfg@mail.gmail.com> <53A2066A.4090802@isi.edu> <53A2BF69.3040001@iang.org> <53A3242E.7020106@isi.edu> <53A32AAA.1060400@iang.org> <53A32D5A.10007@isi.edu> <53A3D122.8030501@iang.org>
In-Reply-To: <53A3D122.8030501@iang.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/v1kscz1-twvF8EgMthNhS8Ibphk
Subject: Re: [Tcpcrypt] Initial questions


On 6/19/2014 11:13 PM, ianG wrote:
...
>   Why bother about the freak occurrence of an algorithm break when it can
> be hit by MITM anyway?  When we're losing most of the marketplace to
> slowness in install?

Two algorithms, with one as the preferred default, is prudent as a
pre-deployed backup...

> How are you going to tell people to switch, given that our problem space
> is automatic operation, without people knowing?

and it also helps us validate that the system can support other 
algorithms without major revision (i.e., we need an answer to this 
question, and the best way to test it is with two algorithms).

That's my view, and you've already disagreed with it; let's see what 
others have to say.

Joe
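The "preferred default plus pre-deployed backup" arrangement argued for above, as an added illustration that is not part of this thread and not tcpcrypt's own negotiation code or codepoints: each side lists the algorithms it supports in preference order, the initiator's first entry acts as the default, and retiring a broken algorithm is a local list edit rather than a protocol revision. The algorithm names, the list format and the helper names are assumptions made for the example.

```python
"""Algorithm agility sketch: one preferred default, one pre-deployed backup.

Constructed example. The algorithm identifiers, the preference-list format
and the function names are assumptions for illustration only; they are not
tcpcrypt's actual handshake, negotiation or codepoints.
"""
from typing import Optional, Sequence

# Constructed identifiers: "A" plays the preferred default, "B" the backup.
DEFAULT_POLICY = ["A", "B"]


def negotiate(initiator: Sequence[str], responder: Sequence[str]) -> Optional[str]:
    """Return the first algorithm on the initiator's list that the responder also supports.

    Honouring the initiator's order is what makes the first entry a *default*
    with no operator involvement: a responder that still lists it gets it, a
    responder that has dropped it silently falls through to the backup.
    Returns None when there is no algorithm in common (what happens then,
    cleartext or abort, is a separate policy decision, not decided here).
    """
    supported = set(responder)
    for alg in initiator:
        if alg in supported:
            return alg
    return None


def retire(policy: Sequence[str], broken: str) -> list:
    """Drop a broken algorithm from a preference list, leaving the rest in order.

    This is the "switch" the thread asks about. Because negotiate() never
    cares *which* algorithm is first, retiring one is a configuration change
    on one side; the wire format and the negotiation code are untouched.
    """
    return [alg for alg in policy if alg != broken]


def downgraded(initiator: Sequence[str], chosen: Optional[str]) -> bool:
    """True when the negotiated algorithm is not the initiator's first choice.

    Falling back to the backup is legitimate after a peer retires the default,
    but it is also what an unauthenticated handshake would show if a MITM had
    stripped the preferred entry. A deployment should therefore log this
    condition so that an unexpected rate of fallbacks is noticed.
    """
    return chosen is not None and chosen != initiator[0]


def handshake_summary(initiator: Sequence[str], responder: Sequence[str]) -> dict:
    """Run one negotiation and report what was chosen and whether it fell back."""
    chosen = negotiate(initiator, responder)
    return {
        "chosen": chosen,
        "fallback": downgraded(initiator, chosen),
    }


if __name__ == "__main__":
    # Both sides still trust the default: it is selected, no fallback.
    print(handshake_summary(DEFAULT_POLICY, DEFAULT_POLICY))
    # The responder has retired "A" locally: the backup is used, flagged as fallback.
    print(handshake_summary(DEFAULT_POLICY, retire(DEFAULT_POLICY, "A")))
    # The initiator has retired "A": the backup is now its default, so no fallback.
    print(handshake_summary(retire(DEFAULT_POLICY, "A"), DEFAULT_POLICY))
```

The point of the `downgraded()` check is the defensive half of the argument: a second algorithm only helps if an operator can tell a deliberate retirement apart from an unexpected fallback, which means the fallback case needs to be visible in logs rather than silent.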