IETF Logo Mail Archive

Re: [TLS] Getting started, clock not set yet

Kyle Rose <krose@krose.org> Wed, 17 August 2022 15:21 UTC

Return-Path: <krose@krose.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5CA5C1522BE for <tls@ietfa.amsl.com>; Wed, 17 Aug 2022 08:21:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4k9v3y8V14b for <tls@ietfa.amsl.com>; Wed, 17 Aug 2022 08:20:56 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82DACC1522B2 for <tls@ietf.org>; Wed, 17 Aug 2022 08:20:56 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id b16so17946979edd.4 for <tls@ietf.org>; Wed, 17 Aug 2022 08:20:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=B0iEKqpUT+v/v0Q8UEgLbX86IusL9tXu9QTEzGWS0PQ=; b=IcBxSDlbpsxoySX0X6aEEg64uE2uBBUeG+1lSNUhgfcH24FUjvl7V4IUiOTOnK4uuj 3xI6ViCkBe29amF8bbb8HjkVYoustfevQhNg6eVgbPcJOFwPr6Y66bzIVnTN3lDLu0uN /CXs74qir0tNbOUInVHPoLMi6qwRxGIRDeDNc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=B0iEKqpUT+v/v0Q8UEgLbX86IusL9tXu9QTEzGWS0PQ=; b=o0jnfIKScapPJox2+HT/9xkYUd+PRCnUaG7idn4AbENIi5NKuy+1YoboCJ3FZgYthl h3vO/nDnsHT9CBfbVsDYeTnipgcuXJTHu/Uu5/k2Wnwq6DqOENoD7eM5LxqL9nIduT/X Do1EboojQsxknBcgX0cxB4D2Atd4P7Oifrrtzgx1CHqqo+pPKxmisXIXVVSo4rmxRMsI jEQD6fOazTMZBY1MrUEVaUJVQJlHSEnzRX6q4mM6HujmKc7lX/OBNk6olcZl+dIry+M8 aSpqqcOvZtOIx9vFA51U6KKdriZwk0D/0V7vwScPDqn0lMN+5Q/5bwno4J9CWCyhKdNP Wihg==
X-Gm-Message-State: ACgBeo0bq6/lRVYsu7us3Br2LMPiuwufgjNBKr9PodJkRpyXHVZ4vT9f hJH01I+j6ilo5eTaNoVW0nNtuyPOKQtN69MIhGcADDkh8moDLg==
X-Google-Smtp-Source: AA6agR6rxaqvSbwtppSWrnJENnQ0HP/pPXlmdzqdbrGmNNTRMEjPfFystHFPvwVNa1mcut6byOi94GKGL/sMcJqC5YU=
X-Received: by 2002:a05:6402:28cb:b0:43b:c6d7:ef92 with SMTP id ef11-20020a05640228cb00b0043bc6d7ef92mr24160060edb.333.1660749654557; Wed, 17 Aug 2022 08:20:54 -0700 (PDT)
MIME-Version: 1.0
References: <krose@krose.org> <CAJU8_nWC+GRZFm02trAgB_bmUfkNF9bMfUHenVRNojydzi1NNw@mail.gmail.com> <20220814212506.A6A1A28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <CAJU8_nUZCR3ihGBj101n8zd6e9+nqFR0NW=u6EgpqDwKX+=aUg@mail.gmail.com> <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 17 Aug 2022 11:20:43 -0400
Message-ID: <CAJU8_nWU9RnBVgUBPKShwZ=XyT+Q=rm-xhiOMPBWymOuWQ26mg@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Hal Murray <halmurray+tls@sonic.net>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000038abe205e67169dc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uaMvmjoWkQB5xZg1V_jNksTqBeg>
Subject: Re: [TLS] Getting started, clock not set yet
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2022 15:21:01 -0000

On Wed, Aug 17, 2022 at 11:10 AM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> See my earlier comments on this.
>

Honestly, it sounds like these devices maybe shouldn't be using internet
technologies that were designed with certain assumptions about
extensibility in mind. With such strong constraints not only on behavior
but on implementation, it really seems like the right thing to do is to
shrink-wrap every interface around exactly what you need and avoid all
unnecessary complexity. That means no TLS, no X.509, no IP, etc. IMO, the
two requirements "Prohibit upgrades" and "Leverage general-purpose network
protocols with large attack surfaces" are in direct conflict.

Kyle

v2.23.0 | Report a Bug | By Email