Re: [Tcpcrypt] disabling encryption in the middle of a connection (was Re: Draft charter text
Joe Touch <touch@isi.edu> Wed, 23 April 2014 23:08 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/zHeECygfR3RZ6llcdV01vwXLeeg
On 4/23/2014 3:58 PM, Tony Arcieri wrote:
> On Wed, Apr 23, 2014 at 3:37 PM, Joe Touch <touch@isi.edu> wrote:
>
>     No one needs to measure the power cost to know it's non-zero. If it
>     were, we'd have bigger problems (i.e., violation of the second law
>     of thermodynamics).
>
>
> It's still premature optimization, and will come at a non-zero cost to
> the protocol's security:

Security is a premature optimization too, in that sense.

I.e., I already care about my cellphone's battery, but don't currently experience attacks on TCP connections that a TCP-level solution would be needed to secure.

You keep claiming that nobody has measured performance impact of security, but that's not true (see refs below). The converse is that there's very little evidence of attacks at the TCP level of connections except between routers.

So if your core point is that performance is a premature optimization, then so is TCP-layer security, and then there's little utility in pursuing the solution at all.

Joe

J. Touch, “Performance Analysis of MD5,” in Proc. ACM Sigcomm ’95, pp. 77-86.

J. Touch, Y. Yang, “Reducing the Impact of DoS Attacks on Endpoint IP Security,” Proc. NPSec 2006, in conjunction with ICNP 2006, Nov. 2006.