Re: [TLS] Getting started, clock not set yet
Kyle Rose <krose@krose.org> Wed, 17 August 2022 15:21 UTC
References: <krose@krose.org> <CAJU8_nWC+GRZFm02trAgB_bmUfkNF9bMfUHenVRNojydzi1NNw@mail.gmail.com> <20220814212506.A6A1A28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <CAJU8_nUZCR3ihGBj101n8zd6e9+nqFR0NW=u6EgpqDwKX+=aUg@mail.gmail.com> <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB6251E83F8D285B2EAEA86CF5EE6A9@SY4PR01MB6251.ausprd01.prod.outlook.com>
From: Kyle Rose <krose@krose.org>
Date: Wed, 17 Aug 2022 11:20:43 -0400
Message-ID: <CAJU8_nWU9RnBVgUBPKShwZ=XyT+Q=rm-xhiOMPBWymOuWQ26mg@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Hal Murray <halmurray+tls@sonic.net>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uaMvmjoWkQB5xZg1V_jNksTqBeg>
Subject: Re: [TLS] Getting started, clock not set yet
On Wed, Aug 17, 2022 at 11:10 AM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> See my earlier comments on this.
>

Honestly, it sounds like these devices maybe shouldn't be using internet technologies that were designed with certain assumptions about extensibility in mind. With such strong constraints not only on behavior but on implementation, it really seems like the right thing to do is to shrink-wrap every interface around exactly what you need and avoid all unnecessary complexity. That means no TLS, no X.509, no IP, etc.

IMO, the two requirements "Prohibit upgrades" and "Leverage general-purpose network protocols with large attack surfaces" are in direct conflict.

Kyle