Re: [tcpinc] Summary of arguments from call
Eric Rescorla <ekr@rtfm.com> Mon, 03 August 2015 20:04 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/VErtOEgRowlmBbaTpb3WTNafucM>

On Mon, Aug 3, 2015 at 12:54 PM, Martin Stiemerling <mls.ietf@gmail.com> wrote:

> Hi,
>
> On 03.08.15 at 18:51, Martin Thomson wrote:
>
>> In the interest of factual accuracy, and because I didn't have a
>> chance to refute these arguments previously...
>>
>> On 3 August 2015 at 08:15, Mirja Kühlewind
>> <mirja.kuehlewind@tik.ee.ethz.ch> wrote:
>>
>>> a) TCP-use-TLS
>>> Contra:
>>> - dependency on TLS and update cycles of other working group
>>
>> Also a Pro. We know that TLS is going to get continued maintenance.
>>
>>> - can’t not be implemented in the kernel:
>>
>> Not entirely true. I believe that Microsoft does this. Netflix have
>> done a partial kernel port. Of course, I appreciate that it might be
>> considered more difficult as a result of living in the kernel, and
>> that the existing TLS code for operating systems like Linux is likely
>> a poor fit.
>
> Believe is not a proof. Any evidence for this?

For the claim that MSFT has kernel-mode TLS? Here's what Christian said
yesterday:

"That argument rings a bit hollow for a Windows kernel developer, since we
have in fact access to S-Channel in the Windows kernel. Windows web servers
rely on the HTTP.SYS kernel driver, which implements TLS using the kernel
API for S-Channel. HTTP.SYS has been doing that for a long time, so there
is indeed some experience with that solution."

-Ekr

> Martin