Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01

Kyle Rose <> Wed, 26 August 2015 17:25 UTC

Date: Wed, 26 Aug 2015 13:25:20 -0400
From: Kyle Rose <>
To: ianG <>
Cc: tcpinc <>
List-Id: "Discussion list for adding encryption to TCP." <>

> ps; The argument doesn't apply generally either:
> a. We here are far better placed to choose the Internet's crypto suite for
> the general case than any manager, committee, or sysadm.

Agreed, but how are you proposing to force a change when a particular
cipher suite starts to show its age? It seems that those decisions
need to be made locally as software is upgraded, and certainly it is
not realistic for a global change to be done atomically. No agility
now => no ability to change, ever. I've been down this path too many
times to have hope.

> b. If the Russians don't trust it, they are entirely at liberty to write
> their own crypto protocol and back-fit it into their software.  It's not
> that hard, and if they care - which they do for natsec - they'll be
> backfitting software anyway.

I think I might agree about any one specific case, but at what point
are the goals of the WG defeated by this attitude? Only the Russians?
"Ok, I guess." The Russians and the Chinese? "Well, that's a lot of
people..." The entire US government too? "Uh..." What about the
banking system? "..."

The high level goal here is to have a framework for global encryption
of all TCP traffic. Fragmentation acts against this goal.

> d. Unlike the WB/IMF/UN, IETF isn't a subsidy organisation to deliver
> solutions to governments.  It delivers to the masses, not any particular
> squeaky wheel.

Absolutely. But I think there are enough squeaky wheels on this issue
that they are a substantial constituent of the wider internet
community, and not simply ornery outliers.