Re: [tsvwg] [saag] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt

Phillip Hallam-Baker <phill@hallambaker.com> Sat, 09 November 2019 17:41 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C1C1200DF; Sat, 9 Nov 2019 09:41:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.646
X-Spam-Level:
X-Spam-Status: No, score=-1.646 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_ou4yZr77mp; Sat, 9 Nov 2019 09:41:11 -0800 (PST)
Received: from mail-ot1-f50.google.com (mail-ot1-f50.google.com [209.85.210.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97C7C12001E; Sat, 9 Nov 2019 09:41:11 -0800 (PST)
Received: by mail-ot1-f50.google.com with SMTP id r24so7931938otk.12; Sat, 09 Nov 2019 09:41:11 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4Z2nrpbkl7DAGEImb1j1IU8wCyTShzhSLhrCU2apWGM=; b=PtNSLUwdET0DSoMOoAMi2beRQWFFOlIuDjFXjGwZftlN1vXZrKQ2T/yhILezVUkUyJ pgI3x/Ej8nWv5Sx66PJrGHLGz6c/NtpGqZqUDIZ4Kp+VgroT78PfND2XAPG0+I8oDYGJ 3Nqh4reYKsta9eWqC7SpvPAfVdov6TliPY/thUvirXItVXR4WZbBse4GOGw/aPLLsCAw TZoFr5UJZJPHQ+/5D9vVMNaZsm04W4k3GrujNK8yEZdVGLEnC5t4L76t1UBnQ1/nRc5L TDo+hFNtBMs5CWn/Dcf55wmvByLZURuLWyjYmeZyI9cXAQcwcx+CaG8fRa9YtEOTHemd xzGw==
X-Gm-Message-State: APjAAAWsc6kscYg43JBvhs8D4C50PRXLVt2hWE7wFJ7YCG0KyXJeEOul scyIp9wZE7u+TeLTzwxgK3rBH5yuQIQLpKP67VIObQ==
X-Google-Smtp-Source: APXvYqx11V670DL4Z1T5oy4mrxGKV222w34anhLmSbBKyv93X1pzyVFhKq96FcX0kwYkoNPTdJwcrUAaY3tFw2rq1Y8=
X-Received: by 2002:a9d:6f15:: with SMTP id n21mr11002779otq.231.1573321270727; Sat, 09 Nov 2019 09:41:10 -0800 (PST)
MIME-Version: 1.0
References: <CABcZeBPajzuEdw8=M1g1i-TAniJ9O+H5dEMxv8c6N3tD=7mSvw@mail.gmail.com> <CAMm+Lwg2SxwKoqS3wDe6X3X-2W5i-eR76094GqzERM0OxWOR6w@mail.gmail.com>
In-Reply-To: <CAMm+Lwg2SxwKoqS3wDe6X3X-2W5i-eR76094GqzERM0OxWOR6w@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Sat, 9 Nov 2019 12:40:59 -0500
Message-ID: <CAMm+LwiJ_kTr_eg9CBr4a+FXDtXxY6Ck2v7Xj50yBzryynCUWg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tsvwg IETF list <tsvwg@ietf.org>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007598730596ed6787"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/3_jn9h2T-6RguWPPxTFGBCma7jc>
Subject: Re: [tsvwg] [saag] Comments on draft-ietf-tsvwg-transport-encrypt-08.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2019 17:41:13 -0000

People have asked me for an infographic to illustrate my point. Well I only
have text here.

Encryption is like a too-short blanket when you are trying to sleep in bed.
If you pull it up over your shoulders, you get cold toes. If you cover your
feet, the rest of you gets cold. There is nowhere that you can put that
blanket that is going to keep all of you warm and they only come in one
size. So what you need is more blankets.

If we only have one layer of encryption for headers and payload, it is all
or nothing. If the payload is encrypted inside the encrypted transport, we
can strip off the transport encryption with much less risk.


And that is part of what we will be discussing in the MATHMESH BOF in the
first session of the first day in Singapore.