Re: [TLS] TLS Impact on Network Security draft updated

Watson Ladd <watsonbladd@gmail.com> Tue, 23 July 2019 22:58 UTC

References: <6AF48228-19C2-41C7-BA86-BA16940C3CFF@cisco.com> <77d58a41-7a6b-4886-a4d4-22dcb229100b@www.fastmail.com>
In-Reply-To: <77d58a41-7a6b-4886-a4d4-22dcb229100b@www.fastmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 23 Jul 2019 15:58:06 -0700
Message-ID: <CACsn0cmxuUTxAGxdmmtyg7BX0GPJLht343CRcFrakLvsbKM2zQ@mail.gmail.com>
To: Filippo Valsorda <filippo@ml.filippo.io>
Cc: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yALjsjrDbYMr3MiYATpNiqAQLxk>

On Tue, Jul 23, 2019, 3:47 PM Filippo Valsorda <filippo@ml.filippo.io>
wrote:

> Before any technical or wording feedback, I am confused as to the nature
> of this document. It does not seem to specify any protocol change or
> mechanism, and it does not even focus on solutions to move the web further.
>
> Instead, it looks like a well edited blog post, presenting the perspective
> of one segment of the industry. (The perspective seems to also lack
> consensus, but I believe even that is secondary.) Note how as of
> draft-camwinget-tls-use-cases-05 there are no IANA considerations, no
> security considerations, and no occurrences of any of the BCP 14 key words
> (MUST, SHOULD, etc.).
>
> Is there precedent for publishing such a document as an RFC?
>

I was going to say RFC 691 but no, it recommends changes to the protocol
(as well as being quite amusing). RFC 4074 comes close, describing bad
behavior without an explicit plea to stop doing it, but has a security
considerations section. RFC 7021 describes the impact of a particular
networking technique on applications.

So there is precedent.

Sincerely,
Watson