Re: [Uta] opportunistic keying / encryption considered of dubious value
Keith Moore <moore@network-heretics.com> Sat, 15 March 2014 18:52 UTC
Message-ID: <5324A17B.2010705@network-heretics.com>
Date: Sat, 15 Mar 2014 14:52:43 -0400
From: Keith Moore <moore@network-heretics.com>
To: Watson Ladd <watsonbladd@gmail.com>
References: <53249D4E.2080104@network-heretics.com> <CACsn0ckE8_-r1RcbfV-szOjPB7m4dLvc2qRJoY5L34qK0yYuYA@mail.gmail.com>
In-Reply-To: <CACsn0ckE8_-r1RcbfV-szOjPB7m4dLvc2qRJoY5L34qK0yYuYA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/Ftn5gOInrEJfUnBmyDON01hsCUg
Cc: "uta@ietf.org" <uta@ietf.org>
Subject: Re: [Uta] opportunistic keying / encryption considered of dubious value
On 03/15/2014 02:43 PM, Watson Ladd wrote:
> All DANE/TOFU/latching imply a commitment by both sides to maintain
> and manage identity. This cost is why we don't encrypt today.

I don't think so. I think we don't encrypt today because many application protocols solidified in the late 1990s when there were more barriers to use of encryption, and there simply hasn't been sufficient pressure to update them and overcome the inertia of the installed base until (perhaps) now.

Also, I don't see how DANE implies a commitment by both sides. And I don't think latching or TOFU requires (much) additional effort on the part of sysadmins.

> Furthermore, with the new email headers, we can probably design
> mechanisms to say "send only to nodes with verified identity. If you
> run into trouble don't." vs "hide me from casual inspection" vs. "it
> needs to get there".

I'd need to see a specific proposal, but offhand trying to embed such requests in email headers strikes me as poor design (i.e. layering violation) and also easy to defeat.

Keith