Re: [tcpinc] Summary of arguments from call

John-Mark Gurney <jmg@funkthat.com> Tue, 04 August 2015 20:15 UTC

Date: Tue, 04 Aug 2015 13:15:51 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20150804201551.GO78154@funkthat.com>
References: <6F2592D7-158D-481C-A5F7-3CC1EDD774BC@tik.ee.ethz.ch> <CABkgnnWDP3EoAT=P_g+gP6jjvjTPPCmpuXjQ_BgFThrHANKAzg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CABkgnnWDP3EoAT=P_g+gP6jjvjTPPCmpuXjQ_BgFThrHANKAzg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/3klPQRC3pyvWP1JKn7HJGiCI-1Q>
Cc: tcpinc <tcpinc@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: [tcpinc] Summary of arguments from call

Martin Thomson wrote this message on Mon, Aug 03, 2015 at 09:51 -0700:
> In the interest of factual accuracy, and because I didn't have a
> chance to refute these arguments previously...
> 
> On 3 August 2015 at 08:15, Mirja Kühlewind
> <mirja.kuehlewind@tik.ee.ethz.ch> wrote:
> > a) TCP-use-TLS
> > Contra:
> > - dependency on TLS and update cycles of other working group
> 
> Also a Pro.  We know that TLS is going to get continued maintenance.
> 
> > - can't not be implemented in the kernel:
> 
> Not entirely true.  I believe that Microsoft does this.  Netflix have

This is good evidence:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa364671(v=vs.85).aspx

> done a partial kernel port.  Of course, I appreciate that it might be
> considered more difficult as a result of living in the kernel, and
> that the existing TLS code for operating systems like Linux is likely
> a poor fit.

I'm helping out w/ the Netflix in kernel TLS code, and right now the
code only does encryption (no decryption), and for normal write
traffic frames are constructed in userland, only for sendfile is the
frame constructed in the kernel...

It requires all key negotiation to be done in userland, so isn't even
close to a TLS-use-TCP implementation...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
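The split John-Mark describes (handshake and key negotiation in userland, record framing and encryption in the kernel) comes down to what state the record layer actually needs. The example below is added here to illustrate that; it is not code from Netflix, FreeBSD, Microsoft or the TCPINC drafts. It implements the TLS 1.2 AES-128-GCM record layer (RFC 5246 section 6.2.3.3 and RFC 5288) in Go using the standard library in place of a kernel crypto provider, and assumes the usual convention of using the sequence number as the explicit nonce. The key and IV are constructed sample values standing in for handshake output; names such as RecordState and SealRecord are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// TLS 1.2 AES-GCM record-layer constants (RFC 5246 section 6.2, RFC 5288).
const (
	recordTypeApplicationData = 23
	versionMajor, versionMinor = 3, 3 // TLS 1.2
	implicitIVLen, explicitNonceLen   = 4, 8
	gcmTagLen, recordHeaderLen        = 16, 5
	maxFragment                       = 1 << 14
)

// RecordState is all the per-direction state a userland handshake has to
// export to a record layer living elsewhere (e.g. the kernel): the traffic
// key as an AEAD, the 4-byte implicit IV, and the 64-bit sequence number.
type RecordState struct {
	aead cipher.AEAD
	iv   [implicitIVLen]byte
	seq  uint64
}

// NewRecordState builds record-layer state from negotiated key material.
func NewRecordState(key, iv []byte) (*RecordState, error) {
	if len(iv) != implicitIVLen {
		return nil, errors.New("implicit IV must be 4 bytes")
	}
	block, err := aes.NewCipher(key) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s := &RecordState{aead: aead}
	copy(s.iv[:], iv)
	return s, nil
}

// additionalData is seq_num(8) || type(1) || version(2) || plaintext length(2).
func additionalData(seq uint64, plaintextLen int) []byte {
	aad := make([]byte, 13)
	binary.BigEndian.PutUint64(aad[0:8], seq)
	aad[8], aad[9], aad[10] = recordTypeApplicationData, versionMajor, versionMinor
	binary.BigEndian.PutUint16(aad[11:13], uint16(plaintextLen))
	return aad
}

// SealRecord frames one fragment as header(5) || explicit nonce(8) || ciphertext || tag(16).
func (s *RecordState) SealRecord(plaintext []byte) ([]byte, error) {
	if len(plaintext) > maxFragment {
		return nil, errors.New("fragment exceeds 2^14 bytes")
	}
	if s.seq == ^uint64(0) {
		return nil, errors.New("sequence number exhausted; new keys required")
	}
	nonce := make([]byte, implicitIVLen+explicitNonceLen) // implicit IV || seq
	copy(nonce, s.iv[:])
	binary.BigEndian.PutUint64(nonce[implicitIVLen:], s.seq)
	ct := s.aead.Seal(nil, nonce, plaintext, additionalData(s.seq, len(plaintext)))
	bodyLen := explicitNonceLen + len(ct)
	rec := make([]byte, recordHeaderLen, recordHeaderLen+bodyLen)
	rec[0], rec[1], rec[2] = recordTypeApplicationData, versionMajor, versionMinor
	binary.BigEndian.PutUint16(rec[3:5], uint16(bodyLen))
	rec = append(rec, nonce[implicitIVLen:]...)
	rec = append(rec, ct...)
	s.seq++
	return rec, nil
}

// OpenRecord is the receiving side: the nonce comes from the peer's explicit
// field, but the AAD uses the receiver's own counter, so a replayed or
// reordered record fails authentication.
func (s *RecordState) OpenRecord(rec []byte) ([]byte, error) {
	if len(rec) < recordHeaderLen+explicitNonceLen+gcmTagLen {
		return nil, errors.New("record too short")
	}
	if rec[0] != recordTypeApplicationData || rec[1] != versionMajor || rec[2] != versionMinor {
		return nil, errors.New("unexpected record type or version")
	}
	if int(binary.BigEndian.Uint16(rec[3:5])) != len(rec)-recordHeaderLen {
		return nil, errors.New("length field does not match record")
	}
	body := rec[recordHeaderLen:]
	nonce := make([]byte, implicitIVLen+explicitNonceLen)
	copy(nonce, s.iv[:])
	copy(nonce[implicitIVLen:], body[:explicitNonceLen])
	ct := body[explicitNonceLen:]
	pt, err := s.aead.Open(nil, nonce, ct, additionalData(s.seq, len(ct)-gcmTagLen))
	if err != nil {
		return nil, fmt.Errorf("record %d failed authentication: %w", s.seq, err)
	}
	s.seq++
	return pt, nil
}

func main() {
	key, iv := []byte("0123456789abcdef"), []byte{1, 2, 3, 4} // constructed sample keys
	tx, _ := NewRecordState(key, iv)
	rx, _ := NewRecordState(key, iv)
	rec, _ := tx.SealRecord([]byte("hello from sendfile"))
	pt, err := rx.OpenRecord(rec)
	fmt.Printf("record %d bytes, plaintext %q, err=%v\n", len(rec), pt, err)
}
```

The point to take from it is how little crosses the boundary: a key, a 4-byte IV and a counter per direction. That is why a kernel path can do framing for sendfile without ever seeing the handshake, and also why such a path is only a record layer and not a TLS implementation in the sense the draft discussion uses.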