Re: [TLS] Getting started, clock not set yet

Kyle Rose <krose@krose.org> Wed, 17 August 2022 15:37 UTC

References: <krose@krose.org> <CAJU8_nWC+GRZFm02trAgB_bmUfkNF9bMfUHenVRNojydzi1NNw@mail.gmail.com> <20220814212506.A6A1A28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <CAJU8_nUZCR3ihGBj101n8zd6e9+nqFR0NW=u6EgpqDwKX+=aUg@mail.gmail.com> <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com> <CAJU8_nWU9RnBVgUBPKShwZ=XyT+Q=rm-xhiOMPBWymOuWQ26mg@mail.gmail.com> <SY4PR01MB62513521F1522D0BCBE02379EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB62513521F1522D0BCBE02379EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 17 Aug 2022 11:36:46 -0400
Message-ID: <CAJU8_nW_g1RO2yUkEOUgdMhfoMBEwGW7w7CrpxsVXFH4Q2b19w@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Hal Murray <halmurray+tls@sonic.net>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/V4hYlK91KDYbK0MMGGuLf2CJwHs>
Subject: Re: [TLS] Getting started, clock not set yet

On Wed, Aug 17, 2022 at 11:34 AM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> Kyle Rose <krose@krose.org> writes:
>
> >IMO, the two requirements "Prohibit upgrades" and "Leverage general-purpose
> >network protocols with large attack surfaces" are in direct conflict.
>
> Only if you implement them with large attack surfaces, for which again see my
> earlier comments.
>

A large attack surface can't be avoided with the MTI for these protocols.
And if you don't implement what's required, don't complain when it doesn't
interop. 🤷‍♂️

Kyle