Re: [TLS] New direction for TLS?

Benjamin Kaduk <bkaduk@akamai.com> Fri, 14 February 2020 20:03 UTC

Date: Fri, 14 Feb 2020 12:03:07 -0800
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Michael D'Errico <mike-list@pobox.com>
Cc: tls@ietf.org
Message-ID: <20200214200306.GA27885@akamai.com>
References: <c8452bf3-54ed-475e-8040-b3cd520b609e@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wD0FL3YWi7zVvxYmrPq7CZW2Qf4>

Hi Mike,

On Fri, Feb 14, 2020 at 09:46:56AM -0500, Michael D'Errico wrote:
> Hi,
> 
> It's been a long time since I posted to this list but saw that the charter is being updated and wanted to share an idea I had a while ago but have not found the time to work on.  The TL;DR is to deprecate TLS and rebuild security on top of DTLS. With DTLS, you have encrypted packets, so think of them as the new IP and build TCP on top of that.  It'd be like making the internet run on TCP/DTLS instead of TCP/IP, so most of the work is already done.  I think this is all I need to say to get the idea across, but I can add detail if needed.

This sounds really similar to QUIC
(https://datatracker.ietf.org/wg/quic/documents); perhaps you could take a look
and try to describe any differences between your idea and what's being done
there?

-Ben