IETF Logo Mail Archive

Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 03 February 2014 21:34 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BE661A0210 for <uta@ietfa.amsl.com>; Mon, 3 Feb 2014 13:34:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aq7BSFwHz5NH for <uta@ietfa.amsl.com>; Mon, 3 Feb 2014 13:34:50 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id E42441A01EE for <uta@ietf.org>; Mon, 3 Feb 2014 13:34:49 -0800 (PST)
Received: from [10.20.30.90] (50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.7) with ESMTP id s13LEkww008062 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 3 Feb 2014 14:14:47 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CAKhHsXGHdC9-3hM4JuXnt=TQfY9YVbUX_fnTBPz=te05dNrfCw@mail.gmail.com>
Date: Mon, 03 Feb 2014 13:34:38 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <C32D6057-55E5-4825-93ED-F54556DE1CD0@vpnc.org>
References: <20140203045910.9714.53880.idtracker@ietfa.amsl.com> <B8691415-07F3-4081-8247-E103A60E5CF0@vpnc.org> <700ECF7E-253E-4CCC-BD73-6008216E5429@edvina.net> <CAKhHsXFmbc_CxPHSfzji-J7mJTUh4MOfwVFjnOdk-B+bA9miqA@mail.gmail.com> <D9374419-5EFE-455D-B348-F2698001BDF6@vpnc.org> <CAKhHsXHvme7-26MFHwsdvR-osqhy4L1dk6gZve9YR5jPduNi1A@mail.gmail.com> <52EFD1E4.6020200@fifthhorseman.net> <CAKhHsXGHdC9-3hM4JuXnt=TQfY9YVbUX_fnTBPz=te05dNrfCw@mail.gmail.com>
To: Alan Johnston <alan.b.johnston@gmail.com>
X-Mailer: Apple Mail (2.1827)
Cc: uta@ietf.org
Subject: Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2014 21:34:51 -0000

On Feb 3, 2014, at 11:19 AM, Alan Johnston <alan.b.johnston@gmail.com> wrote:

> I think this is the opportunisticky property that we need a good working definition.  However, in the next paragraph, sentences such as this, don't help:
> 
>    When an application that supports opportunistic encryption negotiates
>    TLS, that application might or might not authenticate the TLS server.
> 
> 
> That is true, but it is irrelevant to the definition.  

Unfortunately not, because authentication is inherently part of TLS, so we have to call out what in TLS we are doing differently.

> An opportunistic encryption system might also use PFS, do logging, cache keys, or any number of other things.

All those are optional; authentication of the server by the client is not.

>   We need separate definitions for each of these, and not conflate them together. Otherwise, we can't make any sensible recommendations about opportunistic approaches, especially when different people conflate different things and use the same word.

I'm definitely open to wording suggestions.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email