Re: [TLS] New direction for TLS?

"Michael D'Errico" <mike-list@pobox.com> Sun, 16 February 2020 17:48 UTC

Message-Id: <9a237888-68ea-4290-89d6-12ed9a320890@www.fastmail.com>
In-Reply-To: <20200214200306.GA27885@akamai.com>
References: <c8452bf3-54ed-475e-8040-b3cd520b609e@www.fastmail.com> <20200214200306.GA27885@akamai.com>
Date: Sun, 16 Feb 2020 12:47:45 -0500
From: Michael D'Errico <mike-list@pobox.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FtzKg_EHjY1oYoZswU0LCtbRkhQ>
Subject: Re: [TLS] New direction for TLS?

Hi,

It looks like QUIC is even better than what I proposed. Thank you for suggesting it.

Mike


On Fri, Feb 14, 2020, at 15:03, Benjamin Kaduk wrote:
> Hi Mike,
> 
> On Fri, Feb 14, 2020 at 09:46:56AM -0500, Michael D'Errico wrote:
> > Hi,
> > 
> > It's been a long time since I posted to this list but saw that the charter is being updated and wanted to share an idea I had a while ago but have not found the time to work on.  The TL;DR is to deprecate TLS and rebuild security on top of DTLS. With DTLS, you have encrypted packets, so think of them as the new IP and build TCP on top of that.  It'd be like making the internet run on TCP/DTLS instead of TCP/IP, so most of the work is already done.  I think this is all I need to say to get the idea across, but I can add detail if needed.
> 
> This sounds really similar to QUIC
> (https://datatracker.ietf.org/wg/quic/documents); perhaps you could take a look
> and try to describe any differences between your idea and what's being done
> there?
> 
> -Ben