Re: [TLS] Non-TLS opportunistic encryption

Martin Thomson <martin.thomson@gmail.com> Mon, 21 July 2014 19:43 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/GlODTXJSEm7DSwrJobZW0E5TmVc
Cc: "tls@ietf.org" <tls@ietf.org>

On 19 July 2014 09:28, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> 1) TLS is a huge standard with a lot of details that have to be got
> right. It takes a lot of time and effort to implement and a lot of
> memory to run. Constrained devices are going to find it very hard to
> do TLS.
>
> 2) One consequence of (1) is that opportunistic TLS risks weakening
> the https infrastructure rather than improving the http
> infrastructure. That is not a win as far as I am concerned.

I'm struggling with your premise.  I don't think that either is really true.

Yes, TLS is complex, but inventing a new protocol sounds like a cure
that is worse than the disease.

I don't know if you are aware, but there is this:
http://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption-00