Message-ID: <6e11be7cac39b5f6907d4255fe09e2c8113a1a4c.camel@sunet.se>
From: Leif Johansson <leifj@sunet.se>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tigress@ietf.org
Date: Wed, 29 Nov 2023 10:14:32 +0100
In-Reply-To: <CABcZeBOAXWTiDPMku9TetF5av5cJ5DOVA5LFuQpwUNAvPMsdRw@mail.gmail.com>
References: <866c814027bb35ad96524dd451eaa837d3318a61.camel@sunet.se>
 <CABcZeBOAXWTiDPMku9TetF5av5cJ5DOVA5LFuQpwUNAvPMsdRw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tigress/H02_YfpPtEMo5GCZSducIssyLN4>
Subject: Re: [Tigress] post-118 direction
List-Id: Transfer dIGital cREdentialS Securely <tigress.ietf.org>

On Tue, 2023-11-28 at 20:27 -0800, Eric Rescorla wrote:
>
> On Thu, Nov 23, 2023 at 6:01 AM Leif Johansson <leifj@sunet.se> wrote:
> >
> > Folks,
> >
> > The chairs have conferred and we recognize the following consensus:
> >
> > 1. assume that the invite channel is secure and adjust proposals
> > accordingly - at some point we need to identify what (if any)
> > consensus exists within the WG to pursue a solution
> >
>
> This seems fine. And I think we should identify that consensus sooner
> rather than later.
>
> > 2. address invitation channels that are not fully secure in a way
> > that is orthogonal to the solutions the WG decides to pursue for the
> > core protocol.
> >
>
> I don't understand what this means and I'm not sure that it will
> work.
> Depending on what assumptions you make about the system it may
> or may not be possible to address this problem independently.
>

I am merely trying to reflect what was said in the room at 118.

Several folks expressed an interest in trying to find mitigation for
*some* situations where you want to use an invitation channel that
doesn't fulfil security requirements.

This I hope also answers Yogesh's question: The assumption that the
invitation channel is secure only means that if you want to use some
channel that doesn't fulfil the security assumptions, you need to add
protection either to the message layer or to the channel itself (e.g.
adding TLS).

Point (2) in our consensus summary just means that the chairs heard
that some folks expressed an interest to work on certain solutions for
adding security independently from the protocol itself. This may or may
not be relevant work for TIGRESS.

	Cheers Leif

> -Ekr
>
> >
> > Please respond with your support and/or disagreement. If you
> > disagree please provide whatever insights you are able to.
> >
> > Also please indicate your willingness to eventually implement
> > and/or support the results of (1) and (2).
> >
> >         Best R
> >         Leif & Prachi
> >

