IETF Logo Mail Archive

Re: [Uta] Opportunistic encryption and authentication agility

Trevor Perrin <trevp@trevp.net> Sat, 22 March 2014 06:54 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 751E71A0880 for <uta@ietfa.amsl.com>; Fri, 21 Mar 2014 23:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lrvsxqTgOoaG for <uta@ietfa.amsl.com>; Fri, 21 Mar 2014 23:54:47 -0700 (PDT)
Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by ietfa.amsl.com (Postfix) with ESMTP id 1FAAC1A087F for <uta@ietf.org>; Fri, 21 Mar 2014 23:54:46 -0700 (PDT)
Received: by mail-wg0-f50.google.com with SMTP id x13so2139871wgg.33 for <uta@ietf.org>; Fri, 21 Mar 2014 23:54:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=XpWjgOMcFtJ6Q7ctFWuY32vmaltwZbcIG5uMFragPW0=; b=HzJjKb3Aojfj09maAK1yoanQ1k4Y1je2ziDp9i67Ct5cWDI3S8dq+WrTQEq4dfim2h VDxrgjg/rE2gjLsIRBdFx3xLBY6X7Ei9OKhykcbUNOzUCpjsdzWr2HOP2eFNpPXvuoxl 9aYNHZSDr+oOUb44xiyPtA3WnvCmLKtKiUy5JtwbP1lh71EUgrt7tqvT/dNND6+zeuje B+CdtYoX6QDcSfsJGLz6o08Jw0xNE/4MvCqDJ4nONLRWUWWL3mtzLsE1XjYy4XqLRxC3 0v18Eefb6NgT6VY+X9J6TTAZCYJdcBRfyayWtpd/M1LeeKZYRvS5v2iOGWPAOp6zeSH8 251A==
X-Gm-Message-State: ALoCoQlXNMmP75Jrb9IDy439KXevDOg1Uk1OUgFXMGG+05bZsaj/x5tYIFYtEpqhYJVQBguZIRqm
MIME-Version: 1.0
X-Received: by 10.180.185.197 with SMTP id fe5mr1970865wic.56.1395471277058; Fri, 21 Mar 2014 23:54:37 -0700 (PDT)
Received: by 10.216.45.146 with HTTP; Fri, 21 Mar 2014 23:54:37 -0700 (PDT)
X-Originating-IP: [184.23.29.222]
In-Reply-To: <532CFAB0.4070301@network-heretics.com>
References: <CAGZ8ZG0rBxiE2dGZXhpvhKiyJOu=6Bn8sQ2seJ9_KvgPjmaaRg@mail.gmail.com> <532CFAB0.4070301@network-heretics.com>
Date: Fri, 21 Mar 2014 23:54:37 -0700
Message-ID: <CAGZ8ZG2OYeP23-wB=rwBgNCOaczjbHq=st9tGeo8JN_WvasXzg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Keith Moore <moore@network-heretics.com>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/Cd3jZm5gGxJlx4xvmDAT5c2VDMc
Cc: "uta@ietf.org" <uta@ietf.org>
Subject: Re: [Uta] Opportunistic encryption and authentication agility
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 06:54:48 -0000

On Fri, Mar 21, 2014 at 7:51 PM, Keith Moore <moore@network-heretics.com> wrote:
>
> So our task is to make recommendations that server operators and client
> implementors want to implement, but which still improve security in the near
> term - and (perhaps more importantly) which also leave room for security to
> get better in the future.   To me this says that to endorse bare OE for any
> particular application should be an absolute last resort.

I'm not sure how much we disagree.  Of course authentication is better
than none.

But I disagree with the HTTPS approach of disallowing encryption
unless it can be done with an IETF-approved method of authentication
and signalled to the user as a secure connection.

I think we should have the ability to encrypt HTTP using new auth
methods which may or may not get signalled.  That would lower the bar
for experimenting with and deploying new methods.


>> In the case of HTTPS, the Web PKI has been mandated.  A small site
>> that doesn't want to pay the costs of Web PKI but would be willing to
>> deploy cheaper methods (pinning; DNSSEC/DANE) cannot do so.
>
>
> Who has mandated the "Web PKI" as the only way to verify a server cert?   Is
> this carved in stone?

I'm talking about mandates on the server.

The installed base mandates that any HTTPS URL requires a valid cert.
That pretty much *is* carved in stone.


>> If opportunistic TLS was allowed, then we would have the ability to
>> deploy new auth methods without having to forever support whatever was
>> in vogue when the initial standard came out.
>>
>> I think that argues in favor of opportunistic TLS, for HTTP and other
>> protocols.
>
>
> I don't get it.  If the UTA WG can recommend that web clients permit OE, why
> can't it just as easily recommend that web clients treat OE (from a UI
> perspective) as no better than cleartext, but support pinning and/or DANE
> TLSA as alternative ways to verify a server cert to provide some indication
> to the user that the connection is secure?

Sounds great, that's what I want.


Trevor

v2.23.0 | Report a Bug | By Email