[TLS] New direction for TLS?

"Michael D'Errico" <mike-list@pobox.com> Fri, 14 February 2020 14:47 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2618B1200EB for <tls@ietfa.amsl.com>; Fri, 14 Feb 2020 06:47:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com header.b=mi/6MEP+; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=hZOqlXZ5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KDZG00KzYKxj for <tls@ietfa.amsl.com>; Fri, 14 Feb 2020 06:47:33 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D21A51200CC for <tls@ietf.org>; Fri, 14 Feb 2020 06:47:33 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 3BFC82218B for <tls@ietf.org>; Fri, 14 Feb 2020 09:47:32 -0500 (EST)
Received: from imap21 ([10.202.2.71]) by compute7.internal (MEProxy); Fri, 14 Feb 2020 09:47:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pobox.com; h= mime-version:message-id:date:from:to:subject:content-type; s= mar2016.fm; bh=NRKXk1PCYnyXcWcdgNr1uazLP/lT60wRkvM7T0cZ9EU=; b=m i/6MEP+QNrQ3ZcrNczQunm28ittyLcyKIMWjEk6dbkkzsEH9J9/syqMK+km0+Ue7 NuwB3yCC/MGlxU5szYZS6IX+PsKfoUyCR58BkqdsARd4s842vlHNgeNbDio9jw54 sGn89wOvVHf9Y+UUHQceVAdg6biqJPnGfSwgu5sry8=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=NRKXk1PCYnyXcWcdgNr1uazLP/lT6 0wRkvM7T0cZ9EU=; b=hZOqlXZ5FkAOVr5fXi0F59EMVBfQiW6ndhVSc7ItvEFP6 K/phWVLWumWZFVxJM3XUBO97EgwOW4MZtuRfIrzBahjlddHHw1GIXP8diL5SXzVY QvWmSd2dIsTciOTgnOLYnISu/XFlS3jVcTx+t+WpGLCHVSqHGrkIXhDNbOg8eVmO mfWq3xfyQuJI/cxl7KHdvIviQsou07DKxMchRYp8OlXE+88TPpoWO6n8wqjUKxNJ o/XSZS6F/mVDIXPnUy2GIggh1CrDLWsU6D847eNZe8btpSnCosLDqJWE4k1e9xHD KvaUJHuYo4iLJrZZKiNlXk+uxPrp6kBmJR1lkfH0Q==
X-ME-Sender: <xms:BLNGXurDnVBt41ZnX1DjmKQee5eqVS8Ys2vVSY477rQxotM-yVs3KA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrjedtgdejtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdfoihgthhgrvghlucffkdfgrhhrihgtohdfuceomhhikhgvqdhl ihhsthesphhosghogidrtghomheqnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepmhhikhgvqdhlihhsthesphhosghogidrtghomh
X-ME-Proxy: <xmx:BLNGXgWarjbdirNBUCilGUUjhWHlMWRREGZ2l6to-X2enRwLv0n0vg> <xmx:BLNGXr1fy0CvAflBXJyB_yCDuWXz_c-qcsrcWnhrAu8PZXMCFfu-UQ> <xmx:BLNGXvTYV6cjI3R5qrtC7Oo-uKcF5-UewFajOWMYr0L_e-s_ibYUdA> <xmx:BLNGXhhjx9zk4XwPRholKwaGWSH3VUx5avAR3wzZ_LoCortTcppEIg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id F34B5660065; Fri, 14 Feb 2020 09:47:31 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-802-g7a41c81-fmstable-20200203v1
Mime-Version: 1.0
Message-Id: <c8452bf3-54ed-475e-8040-b3cd520b609e@www.fastmail.com>
Date: Fri, 14 Feb 2020 09:46:56 -0500
From: "Michael D'Errico" <mike-list@pobox.com>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/InMtr7AW7p8em7KpNkwRm9B31NQ>
Subject: [TLS] New direction for TLS?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2020 14:47:37 -0000

Hi,

It's been a long time since I posted to this list but saw that the charter is being updated and wanted to share an idea I had a while ago but have not found the time to work on.  The TL;DR is to deprecate TLS and rebuild security on top of DTLS. With DTLS, you have encrypted packets, so think of them as the new IP and build TCP on top of that.  It'd be like making the internet run on TCP/DTLS instead of TCP/IP, so most of the work is already done.  I think this is all I need to say to get the idea across, but I can add detail if needed.

Mike