Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
ianG <iang@iang.org> Wed, 26 August 2015 18:58 UTC
Return-Path: <iang@iang.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD8F21AC3B4 for <tcpinc@ietfa.amsl.com>; Wed, 26 Aug 2015 11:58:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ZANvPv-DB12 for <tcpinc@ietfa.amsl.com>; Wed, 26 Aug 2015 11:58:33 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 599771A903A for <tcpinc@ietf.org>; Wed, 26 Aug 2015 11:58:33 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 38CEB6D79D; Wed, 26 Aug 2015 14:58:32 -0400 (EDT)
Message-ID: <55DE0C57.4070808@iang.org>
Date: Wed, 26 Aug 2015 19:58:31 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Kyle Rose <krose@krose.org>
References: <CABcZeBNEFVkDi38y3G-C2nQF=dzW2mGDsj5DVK_OKVkPwK=G0g@mail.gmail.com> <878u92oadf.fsf@ta.scs.stanford.edu> <CACsn0ckQskjLqo0=YfJrmBEsyCaq0jpcSzGUwKhRo0BzzQ=wDA@mail.gmail.com> <871teuo7nu.fsf@ta.scs.stanford.edu> <CACsn0ckn-QdoXmTgjW8gYQyVqZ0x9JHEYvZO5VHQkG9nKA3-Ew@mail.gmail.com> <87wpwmnenv.fsf@ta.scs.stanford.edu> <CACsn0cnq9cZdkn=yp8-GJfXDGMP8r1sib3qrQQEQYhF25kYZPg@mail.gmail.com> <87twrpokpz.fsf@ta.scs.stanford.edu> <CACsn0ck2PfKQ8pkDLiSmuLH+81s2GzsBnKYH7e=5ga5nSJvo1Q@mail.gmail.com> <87io85ofkl.fsf@ta.scs.stanford.edu> <55DDE33D.8030803@iang.org> <CAJU8_nX8m8s+yJVmf83ZdCcv9VE7SE4ZR9JEiMHGWxxN3zOEyA@mail.gmail.com>
In-Reply-To: <CAJU8_nX8m8s+yJVmf83ZdCcv9VE7SE4ZR9JEiMHGWxxN3zOEyA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/p2hC-NBgNzViRKtt4rUzlW4T3lc>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2015 18:58:35 -0000
On 26/08/2015 18:25 pm, Kyle Rose wrote: >> ps; The argument doesn't apply generally either: >> >> a. We here are far better placed to choose the Internet's crypto suite for >> the general case than any manager, committee, or sysadm. > > Agreed, but how are you proposing to force a change when a particular > cipher suite starts to show its age? v += 1 Eg: SSL v2 -> v3 -> TLS 1.0 -> 1.1 -> 1.2 -> 1.3 The changes in the protocols needed generally exceed the lifetime of well-chosen ciphersuites, so any upgrades won't unduly increase the cycle count much. > It seems that those decisions > need to be made locally as software is upgraded, and certainly it is > not realistic for a global change to be done atomically. No agility > now => no ability to change, ever. I've been down this path too many > times to have hope. Well, the experience is pointing to security upgrades being pushed by the product supporter out to user land, and sysadms following the general advice "keep all software up to date." In user land this is enacted by Apply updates, patch Tuesday and the like. The sore thumb here is Android. 99% of sysadms don't care whether it is TLS 1.1 or TLS 1.2, they just want it to work. >> b. If the Russians don't trust it, they are entirely at liberty to write >> their own crypto protocol and back-fit it into their software. It's not >> that hard, and if they care - which they do for natsec - they'll be >> backfitting software anyway. > > I think I might agree about any one specific case, but at what point > are the goals of the WG defeated by this attitude? Only the Russians? > "Ok, I guess." The Russians and the Chinese? "Well, that's a lot of > people..." The entire US government too? "Uh..." What about the > banking system? "..." That's a hypothetical. But assuming that there is some merit to that, why not? The goal is to stop mass surveillance, right? And, for TCPINC - do we care that much? Why not have the Russians, the Chinese, and the NSA advise that TCPINC is bad for them, so they're going to ... do their own. Isn't that the endorsement we need? > The high level goal here is to have a framework for global encryption > of all TCP traffic. Fragmentation acts against this goal. Right. And being all things to all governments is probably going to be a bigger fragmentation than charging ahead and doing the tcpcrypt thing fast and furious, with one cipher suite. Tcpcrypt could have been already out in v0.1 by now. We could have been rolling it out for 6m already, and starting to think about v1.0. Instead we're chasing a "perfect" protocol in an imperfect MITMable threat scenario. Who's winning here? >> d. Unlike the WB/IMF/UN, IETF isn't a subsidy organisation to deliver >> solutions to governments. It delivers to the masses, not any particular >> squeaky wheel. > > Absolutely. But I think there are enough squeaky wheels on this issue > that they are a substantial constituent of the wider internet > community, and not simply ornery outliers. The nature of the squeaky wheel is to say "squeak! Listen to me or else." But if you don't listen, the wheel suddenly starts rolling, because it doesn't want to miss out. It's an economic thing - formation of cartels, equilibria and all - the incumbent argues against the new order, as much as possible, but once it's a done deal, the incumbent adopts. Which is to say, in order to make this argument stick "we have to listen to the Russians, Chinese, NSA and other squeaky wheels" you'd also have to show that they won't suddenly find some oil when the machine starts moving without them, *and* they represent a constituency that can shift the internet. Of course - you will recognise I am actually arguing against consensus model to an extent. But that's a given for this topic. Mass surveillance, TCPINC, we know there are going to be people who fight this one. All governments are recused. iang ps; if you want to take this private, I'm happy - I'm pretty sure I'm arguing from the golf course rough, not the IETF rough.
- [tcpinc] Review of draft-bittau-tcpinc-tcpeno-01 Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Ilari Liusvaara
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Mark Handley
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Yoav Nir
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Kent
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Martin Thomson
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Scharf, Michael (Michael)
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- [tcpinc] Simultaneous open tie breaking Tero Kivinen
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Kent
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Kent
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Simultaneous open tie breaking David Mazieres
- Re: [tcpinc] Simultaneous open tie breaking Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Watson Ladd
- Re: [tcpinc] Simultaneous open tie breaking David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… John Leslie
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Kent
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Mirja Kühlewind
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… ianG
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Mirja Kühlewind
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Stephen Farrell
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Mirja Kühlewind
- Re: [tcpinc] Simultaneous open tie breaking Tero Kivinen
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Mirja Kühlewind
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Simultaneous open tie breaking dm-list-tcpcrypt
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… dm-list-tcpcrypt
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Kyle Rose
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… David Mazieres
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… Eric Rescorla
- Re: [tcpinc] Review of draft-bittau-tcpinc-tcpeno… dm-list-tcpcrypt