IETF Logo Mail Archive

Re: [Uta] Opportunistic encryption and authentication agility

Aaron Zauner <azet@azet.org> Sat, 22 March 2014 02:50 UTC

Return-Path: <azet@azet.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A59101A043A for <uta@ietfa.amsl.com>; Fri, 21 Mar 2014 19:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ylmB9X0fYpK for <uta@ietfa.amsl.com>; Fri, 21 Mar 2014 19:50:49 -0700 (PDT)
Received: from mail-yk0-f177.google.com (mail-yk0-f177.google.com [209.85.160.177]) by ietfa.amsl.com (Postfix) with ESMTP id 296431A033B for <uta@ietf.org>; Fri, 21 Mar 2014 19:50:49 -0700 (PDT)
Received: by mail-yk0-f177.google.com with SMTP id q200so8494222ykb.8 for <uta@ietf.org>; Fri, 21 Mar 2014 19:50:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=YoKl24Ciu+1pWtBSstOAEAj/uFBLA/m3ltVBY9WqJbs=; b=Ko9Q3+Qs5toN9sAT+Md6Pvnv/5QOsm4h6epxc8icBzsTbd196EcFe5MOMcPLYdzhBR M7V2j+5qqgEe+MD6da/8NUnmRSa5PBy/CH8BLIP9zKDX+Iv2JaQY/qEf8F2q4b28yXmt BBGGEDHyinM8g1JAEHSBlM9ah6lkGrJVAdJyU2NaeXIiwphVYDmvFqumrkMI8vRJNx5g r6pwAdhbwWDZ/lwvkyxY1i5B28IggwMfCgqFNxdnFB5iUD3+CvY9hxxXjN8qKlf7BTeP KDh5wC+RTXXkK74aDb2fhUaMU3jnY0Oc0zEhuDrSMhkWK+Jk8IZJTj6k9Ramnco6SuiM /iEg==
X-Gm-Message-State: ALoCoQnxreMXcjiMCI+X61N69Ye5XwOyy09z9oPKf/z7DLZJP+yKu/fkjI518UGw3OZqNDXWcyPX
X-Received: by 10.236.131.19 with SMTP id l19mr46922946yhi.0.1395456639389; Fri, 21 Mar 2014 19:50:39 -0700 (PDT)
Received: from [0.0.0.0] ([37.48.84.43]) by mx.google.com with ESMTPSA id d32sm11287998yhq.27.2014.03.21.19.50.34 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 21 Mar 2014 19:50:37 -0700 (PDT)
Message-ID: <532CFA85.5040501@azet.org>
Date: Sat, 22 Mar 2014 03:50:45 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.9 (Macintosh/20140129)
MIME-Version: 1.0
To: Trevor Perrin <trevp@trevp.net>
References: <CAGZ8ZG0rBxiE2dGZXhpvhKiyJOu=6Bn8sQ2seJ9_KvgPjmaaRg@mail.gmail.com>
In-Reply-To: <CAGZ8ZG0rBxiE2dGZXhpvhKiyJOu=6Bn8sQ2seJ9_KvgPjmaaRg@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enig0EBA5A031992C663492208DC"
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/hbNOu_CuXesLzX0ZmFz8E-vHhaQ
Cc: "uta@ietf.org" <uta@ietf.org>
Subject: Re: [Uta] Opportunistic encryption and authentication agility
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Mar 2014 02:50:50 -0000

Trevor Perrin wrote:
> A point I haven't seen in the recent debate:
> 
> Whether a TLS connection is "opportunistic" or "authenticated" depends
> not just on the wire protocol but on the client's capabilities.
> 
> A client who possesses an HPKP or TACK pin, or is capable of querying
> DANE or Convergence, might be able to authenticate a connection which
> to a different client would be opportunistic.
> 
> So when we talk about OE at the protocol level, I think we're really
> talking about whether to allow agility of authentication methods, or
> mandate a specific method.
We should, yes. And we should get rid of the term "opportunistic". It
seems to me that a lot of people do mean different things by that. Not
necessarily on this ML: Just Google through blogs and search twitter.

But I certainly do not want to start up this discussion again. The thing
is, we need to be clear on what we define as "opportunistic".

> In the case of HTTPS, the Web PKI has been mandated.  A small site
> that doesn't want to pay the costs of Web PKI but would be willing to
> deploy cheaper methods (pinning; DNSSEC/DANE) cannot do so.
Common sense tells you that trust is not something you can buy. Trust
has to be earned, just like in the real world, and proven over and over
again.

I have repeated myself for the last couple of years on this issue, and
am repeating myself almost continuously since last summer: just get rid
of X.509 for trust on the internet. On local scale it might make sense,
it does not, however, on a widely dispersed and distributed system.

TACK is an elegant proposal that might in the end be able to fade out CA
bound trust as in use today. I hope it does get accepted and deployed,
as of today I cannot see any reason why it shouldn't be.

> If opportunistic TLS was allowed, then we would have the ability to
> deploy new auth methods without having to forever support whatever was
> in vogue when the initial standard came out.
+1

> I think that argues in favor of opportunistic TLS, for HTTP and other protocols.
+1

Aaron

v2.23.0 | Report a Bug | By Email