Re: [tcpinc] Call for adoption of draft-rescorla-tcpinc-tls-option-05

Matt Corallo <tcpinc@bluematt.me> Mon, 02 November 2015 01:37 UTC

To: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, tcpinc <tcpinc@ietf.org>
References: <56267097.7060509@tik.ee.ethz.ch>
From: Matt Corallo <tcpinc@bluematt.me>
Message-ID: <5636BE5A.9090408@bluematt.me>
Date: Mon, 02 Nov 2015 01:37:30 +0000
In-Reply-To: <56267097.7060509@tik.ee.ethz.ch>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/Ahn_QYQOyj0-MxWp4jTJ9xGn0OQ>
Subject: Re: [tcpinc] Call for adoption of draft-rescorla-tcpinc-tls-option-05

I do not support adopting tcpinc-tls-option because:

* Using TLS (even a limited set of allowed options) as the tcpinc
mechanism loses the "defense in depth" property that tcpinc nicely
provides for some applications.
* I believe the extra round-trip for new connections to a new server
will significantly harm adoption of such a proposal. While it seems
reasonably possible to fix this issue, doing so brings tls-option
further from the stated(?) goal of re-using TLS and all of its many
years of study. This would seem to largely defeat the purpose.

Matt

On 10/20/15 16:49, Mirja Kühlewind wrote:
> Hi all,
> 
> please indicate if you support adoption of
> draft-rescorla-tcpinc-tls-option-05 as a tcpinc working group item, or
> not, by
> 
>     Monday, Nov 2, 2015.
> 
> draft-rescorla-tcpinc-tls-option is one candidate for tcpinc where the
> first version of this draft was proposed more than a year ago. Version
> -04 was released about three weeks ago and specifies the TLS 1.3 profile
> as well as the use of draft-rescorla-tcpinc-tls-option with tcp-eno.
> Since then this draft received a lot of discussion. The latest update
> was provided yesterday, but only makes a few minor fixes.
> 
> As before, if you do not support adoption of this document
> because you think it is not in scope for the wg or has fundamental
> technical flaws and would therefore harm the goals of the wg, it would
> be great if you could give some reasoning/explanation with your response.
> 
> This is solely an adoption call for draft-rescorla-tcpinc-tls-option
> independent of any other documents. If you have a personal preference
> for a different approach that should not be a reason to reject this
> adoption. Forcing the wg to make a decision has not worked previously,
> and even though both proposed approaches have evolved, I do not see any
> indication that the wg is now ready to make a decision. The goal of this
> adoption call is to figure out if there is enough interest and energy to
> further follow the approach as outlined in
> draft-rescorla-tcpinc-tls-option-05.
> 
> This process may lead to the situation where the wg will adopt and work
> on two solution approaches. This does not mean that the wg will publish
> two (incompatible) approaches, as this would not fulfill our charter. If
> we end up adopting more than one approach, I currently see three ways to
> proceed:
> 
> 1) Both approaches (naturally) converge into one approach.
> 
> 2) We work on both approaches to get them into a (similar) state where
> the wg is able to make a decision (and withdraw the other doc).
> 
> 3) We publish both approaches as different 'versions' of tcpinc that can
> be negotiated in the tcp-eno handshake, where at least one of them is
> mandatory to support/implement.
> 
> Thanks!
> Mirja