Re: [Tsv-art] game over, EH [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

Eric Rescorla <ekr@rtfm.com> Fri, 07 December 2018 13:02 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 07 Dec 2018 05:02:13 -0800
To: morrowc.lists@gmail.com
Cc: jared@puck.nether.net, IETF discussion list <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, heard@pobox.com, opsec@ietf.org, tsv-art@ietf.org, gert@space.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/IBJsKlFzqmlWA-A8hEAMogtvwtg>

On Thu, Dec 6, 2018 at 9:10 PM Christopher Morrow <morrowc.lists@gmail.com>
wrote:

>
>
> On Thu, Dec 6, 2018 at 5:41 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>> routing area (key agility, a stronger algorithm than MD5). And of course
>> TCP-AO doesn't attempt to provide privacy. Perhaps you can elaborate on
>> what you're referring to here?
>>
>>>
>>>
> "TCP-AO is a lie, there is zero deployable code anywhere that supports it"
>
> was that the gist of his comment?
>

A rather more elaborated version of this


> it'd be the whole of mine... because honestly it's the truth.
>

Sure, but as I said, I don't think of TCP-AO as an example of crypto
overreach. It's not something that security people tried to force on the
routing people, but rather something that was designed to what we
understood to be the requirements of the routing community. It's of course
possible, perhaps even likely, that we got it wrong, but that's a very
different thing.

-Ekr