Re: [tsvwg] [saag] TSVWG WGLC: draft-ietf-tsvwg-transport-encrypt-08, -> logging

Lars Eggert <lars@eggert.org> Sun, 13 October 2019 20:06 UTC

Cc: Gorry Fairhust <gorry@erg.abdn.ac.uk>, Christian Huitema <huitema@huitema.net>, "tsvwg@ietf.org" <tsvwg@ietf.org>
To: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/DEUry38l5CzDzaw92axN0BVr8X8>

Hi,

On 2019-10-13, at 7:58, Scharf, Michael <Michael.Scharf@hs-esslingen.de> wrote:
> I guess many generations of young engineers and future software developers have learnt TCP/IP by looking at the IP and TCP headers in PCAP files.

my guess is that most students would be in control of one of the endpoints (sending or receiving the traffic of interest), in which case they can still dissect the protocol. Wireshark can decode QUIC traffic just fine if you provide it with the keys.

Lars
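
The point about providing Wireshark with the keys, as an added example that is not part of the original message: an endpoint you control can write its TLS 1.3 secrets in the NSS key log format (commonly enabled through the `SSLKEYLOGFILE` environment variable), and this sketch checks which connections in such a file carry enough secrets to decrypt the QUIC handshake and 1-RTT packets. The function names and the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# TLS 1.3 secret labels of the NSS key log format (QUIC runs the TLS 1.3 handshake).
HANDSHAKE = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
APPDATA = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
OPTIONAL = {"CLIENT_EARLY_TRAFFIC_SECRET", "EXPORTER_SECRET"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [(line_no, reason)])."""
    sessions, rejected = defaultdict(dict), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        if not m:
            rejected.append((n, "malformed"))
            continue
        label, client_random, secret = m.groups()
        if label not in HANDSHAKE | APPDATA | OPTIONAL:
            rejected.append((n, "not a TLS 1.3 label"))
        elif len(secret) not in (64, 96):  # SHA-256 or SHA-384 sized secret
            rejected.append((n, "bad secret length"))
        else:
            sessions[client_random.lower()][label] = bytes.fromhex(secret)
    return dict(sessions), rejected

def coverage(sessions):
    """Say how much of each connection a dissector could decrypt."""
    out = {}
    for client_random, secrets in sessions.items():
        have = set(secrets)
        if HANDSHAKE <= have and APPDATA <= have:
            out[client_random] = "handshake+1-RTT"
        elif HANDSHAKE <= have:
            out[client_random] = "handshake only"
        else:
            out[client_random] = "incomplete"
    return out

# Constructed sample: the secrets are filler bytes, not captured from any connection.
A, B = "aa" * 32, "bb" * 32
SAMPLE = "\n".join(
    ["# constructed key log"]
    + [f"{label} {A} {'11' * 32}" for label in sorted(HANDSHAKE | APPDATA)]
    + [f"{label} {B} {'22' * 48}" for label in sorted(HANDSHAKE)]
    + [f"CLIENT_RANDOM {B} {'33' * 48}", f"SERVER_TRAFFIC_SECRET_0 {B} 44"])
```

A file that passes this check is the one to point Wireshark's TLS key log preference at; the TLS 1.2 `CLIENT_RANDOM` line in the sample is rejected because QUIC only uses TLS 1.3 secrets.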