Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

Kyle Rose <krose@krose.org> Wed, 26 August 2015 17:25 UTC

In-Reply-To: <55DDE33D.8030803@iang.org>
References: <CABcZeBNEFVkDi38y3G-C2nQF=dzW2mGDsj5DVK_OKVkPwK=G0g@mail.gmail.com> <878u92oadf.fsf@ta.scs.stanford.edu> <CACsn0ckQskjLqo0=YfJrmBEsyCaq0jpcSzGUwKhRo0BzzQ=wDA@mail.gmail.com> <871teuo7nu.fsf@ta.scs.stanford.edu> <CACsn0ckn-QdoXmTgjW8gYQyVqZ0x9JHEYvZO5VHQkG9nKA3-Ew@mail.gmail.com> <87wpwmnenv.fsf@ta.scs.stanford.edu> <CACsn0cnq9cZdkn=yp8-GJfXDGMP8r1sib3qrQQEQYhF25kYZPg@mail.gmail.com> <87twrpokpz.fsf@ta.scs.stanford.edu> <CACsn0ck2PfKQ8pkDLiSmuLH+81s2GzsBnKYH7e=5ga5nSJvo1Q@mail.gmail.com> <87io85ofkl.fsf@ta.scs.stanford.edu> <55DDE33D.8030803@iang.org>
Date: Wed, 26 Aug 2015 13:25:20 -0400
Message-ID: <CAJU8_nX8m8s+yJVmf83ZdCcv9VE7SE4ZR9JEiMHGWxxN3zOEyA@mail.gmail.com>
From: Kyle Rose <krose@krose.org>
To: ianG <iang@iang.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/-EzDOIFg4_iakiNWE7CMltlDy3s>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

> ps; The argument doesn't apply generally either:
>
> a. We here are far better placed to choose the Internet's crypto suite for
> the general case than any manager, committee, or sysadm.

Agreed, but how are you proposing to force a change when a particular
cipher suite starts to show its age? It seems that those decisions
need to be made locally as software is upgraded, and certainly it is
not realistic for a global change to be done atomically. No agility
now => no ability to change, ever. I've been down this path too many
times to have hope.

> b. If the Russians don't trust it, they are entirely at liberty to write
> their own crypto protocol and back-fit it into their software.  It's not
> that hard, and if they care - which they do for natsec - they'll be
> backfitting software anyway.

I think I might agree about any one specific case, but at what point
are the goals of the WG defeated by this attitude? Only the Russians?
"Ok, I guess." The Russians and the Chinese? "Well, that's a lot of
people..." The entire US government too? "Uh..." What about the
banking system? "..."

The high level goal here is to have a framework for global encryption
of all TCP traffic. Fragmentation acts against this goal.

> d. Unlike the WB/IMF/UN, IETF isn't a subsidy organisation to deliver
> solutions to governments.  It delivers to the masses, not any particular
> squeaky wheel.

Absolutely. But I think there are enough squeaky wheels on this issue
that they are a substantial constituent of the wider internet
community, and not simply ornery outliers.

Kyle