Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 03 February 2014 16:43 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <52EF8F72.4050905@cs.tcd.ie>
Date: Mon, 03 Feb 2014 08:43:22 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <3C6E4DFB-AD3D-421C-ACBD-151AEDFE0124@vpnc.org>
References: <20140203045910.9714.53880.idtracker@ietfa.amsl.com> <B8691415-07F3-4081-8247-E103A60E5CF0@vpnc.org> <52EF8F72.4050905@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: uta@ietf.org
Subject: Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt

On Feb 3, 2014, at 4:45 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On this one, I don't really care which, if any, WG ends up
> processing a draft defining these terms, but it is important
> that the definitions related to the use of the terms
> opportunistic and crypto be ones that work for more than
> TLS, this WG and the apps area, but are also accepted
> across the entire IETF. For example, IPsec and even MPLS folk
> should be able to use the same terms without confusion arising.

That would be nice, but it is also impossible. What *is* possible is that each area's use of "opportunistic encryption using XYZ" feels similar enough to prevent confusion. If you insist that all possible definitions be in a single document, the understanding of the specific use case (here, TLS) will be greatly diminished.

As you can see for this document, whatever the apps-with-TLS folks here in UTA do, we need to deal with terms for both "opportunistic encryption" *and* "unauthenticated TLS". For some of the other places that need to deal with "opportunistic encryption", the latter is not needed.

Assuming that there are approximately five definition documents, someone could write a short directory document that lists them and is updated when new ones are added.

> Note also that there will be discussion on this topic at the
> STRINT w/s before IETF-89 and I have some hope that we can
> get agreement quickly enough between there and the following
> week of meetings that it won't matter which WG "owns" the
> draft.

A different, and I hope better, conclusion from the workshop would be agreement about which areas need definitions of "opportunistic encryption using XYZ" and the start of coordination among them.

> On your draft Paul, I don't think it really covers that
> charter work item since it only has some definitions. But
> that said, if we conclude a WG document is better, I'm fine
> if this WG is the place to write down the definitions so
> long as those are more broadly accepted.

The charter item is limited to TLS. Are you saying you want the WG to ignore that and try to work with other encryption mechanisms as well?

> And a few more near-random comments:
> 
> Ending up with substantively different definitions for
> the term opportunistic e.g. when used with TLS and IPsec
> would be a dumb outcome IMO.

Fully agree.

> At present we do have such
> confusion and we do need to fix that, so a draft like
> Paul's that does define the terms is something we do
> want. I know that Steve Kent is also working on a different
> draft that defines these terms, perhaps differently.
> I've not thought about which of the two might be a
> better starting point, and Steve's isn't yet published
> so others can't either. (Steve's text will be published
> at the end of this week with other STRINT submissions
> though.)

Steve let me see an early pre-draft of his draft. It is quite comprehensive and complicated. While it might be useful to security experts and academics, I don't think that is as helpful to protocol developers as a short, concise document such as this one.

--Paul Hoffman