Re: [Tcpcrypt] disabling encryption in the middle of a connection (was Re: Draft charter text

Joe Touch <touch@isi.edu> Wed, 23 April 2014 23:08 UTC

Message-ID: <53584798.70808@isi.edu>
Date: Wed, 23 Apr 2014 16:07:04 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Tony Arcieri <bascule@gmail.com>
References: <533C33D2.4060004@it.uc3m.es> <534569A0.9020505@fifthhorseman.net> <20140410085034.tv16loo60c0wco8k@webcartero01.uc3m.es> <5348528D.1030101@isi.edu> <20140413090902.x1yd873rkcco4g8o@webcartero01.uc3m.es> <CABu4T3+yYoNReA+S7S057_aWBwia-Tw_y8YX8ALdup-_soN3Tw@mail.gmail.com> <CAKC-DJgf3wXAq97Rpiri52MgE8U7mPBpxCVJE=u_4JCWnTUa1g@mail.gmail.com> <534ACCE5.2080103@isi.edu> <53575A81.300@it.uc3m.es> <CAHOTMVJJxiQ31RrmNCNvNJgqWuz_J9Dfh2xWdpc6p=8dtXcdJg@mail.gmail.com> <53583CB2.3050604@isi.edu> <CAHOTMVLt7f-fq3CQHZzdXgCi9FWC-DuJjOQWF4Eh7KR_LrRcMQ@mail.gmail.com> <535840B8.6040509@isi.edu> <CAHOTMV+zBsAc=dOrCPn9EwEf3gUBQGGLKQ5b4wbECpeBFdFSMA@mail.gmail.com>
In-Reply-To: <CAHOTMV+zBsAc=dOrCPn9EwEf3gUBQGGLKQ5b4wbECpeBFdFSMA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpcrypt/zHeECygfR3RZ6llcdV01vwXLeeg
Cc: marcelo bagnulo braun <marcelo@it.uc3m.es>, "tcpcrypt@ietf.org" <tcpcrypt@ietf.org>
Subject: Re: [Tcpcrypt] disabling encryption in the middle of a connection (was Re: Draft charter text

On 4/23/2014 3:58 PM, Tony Arcieri wrote:
> On Wed, Apr 23, 2014 at 3:37 PM, Joe Touch <touch@isi.edu
> <mailto:touch@isi.edu>> wrote:
>
>     No one needs to measure the power cost to know it's non-zero. If it
>     were, we'd have bigger problems (i.e., violation of the second law
>     of thermodynamics).
>
>
> It's still premature optimization, and will come at a non-zero cost to
> the protocol's security:

Security is a premature optimization too, in that sense. I.e., I already 
care about my cellphone's battery, but don't currently experience 
attacks on TCP connections that a TCP-level solution would be needed to 
secure. You keep claiming that nobody has measured performance impact of 
security, but that's not true (see refs below). The converse is that 
there's very little evidence of attacks at the TCP level of connections 
except between routers.

So if your core point is that performance is a premature optimization, 
then so is TCP-layer security, and then there's little utility in 
pursuing the solution at all.

Joe

J. Touch, “Performance Analysis of MD5,” in Proc. ACM Sigcomm ’95, pp. 
77-86.

J. Touch, Y. Yang, “Reducing the Impact of DoS Attacks on Endpoint IP 
Security,” Proc. NPSec 2006, in conjunction with ICNP 2006, Nov. 2006.