Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt
Alan Johnston <alan.b.johnston@gmail.com> Tue, 04 February 2014 15:02 UTC
Return-Path: <alan.b.johnston@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B3201A0140 for <uta@ietfa.amsl.com>; Tue, 4 Feb 2014 07:02:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Id6vfBiywrQ6 for <uta@ietfa.amsl.com>; Tue, 4 Feb 2014 07:02:36 -0800 (PST)
Received: from mail-pb0-x235.google.com (mail-pb0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id C49401A0161 for <uta@ietf.org>; Tue, 4 Feb 2014 07:02:36 -0800 (PST)
Received: by mail-pb0-f53.google.com with SMTP id md12so8508479pbc.12 for <uta@ietf.org>; Tue, 04 Feb 2014 07:02:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=11nhwOYlk7hZ7pLvv4XRrpaPvfbcpITWTb6wK9RgAAs=; b=K1shEErbm3V3M1ag3If7vrM2t6DvsaN2yR8ztYTdhi3yqVJUecW0zkdEFIweaBdFM7 ZWqFGdBgao0LToy6WFK4bZIJytGR9bDExgxIrHSHezKLCrn5UDQ5cFy4eDURDKccdg1x l0TEiDf+O3xy0GUtGYt9T05ubzsxl0jkD1SRnkF6cqVlmWCoIqo9ndAfNE94YeglNHUg wK2xWyiWh09sUzWGa3FEl560pW2QxmK/rfOUxtAf5n1GYaeKtkk9ctsDXslAiPrml9SP Yx+DIBt5mwPWZ3lxc3XUoU2Ivm0wvS3tsaCOD9mNIuTpjE8HWlTrTPhoSz3GFy9z10BT kYyA==
MIME-Version: 1.0
X-Received: by 10.68.241.134 with SMTP id wi6mr43856438pbc.44.1391526155127; Tue, 04 Feb 2014 07:02:35 -0800 (PST)
Received: by 10.68.168.132 with HTTP; Tue, 4 Feb 2014 07:02:34 -0800 (PST)
In-Reply-To: <C32D6057-55E5-4825-93ED-F54556DE1CD0@vpnc.org>
References: <20140203045910.9714.53880.idtracker@ietfa.amsl.com> <B8691415-07F3-4081-8247-E103A60E5CF0@vpnc.org> <700ECF7E-253E-4CCC-BD73-6008216E5429@edvina.net> <CAKhHsXFmbc_CxPHSfzji-J7mJTUh4MOfwVFjnOdk-B+bA9miqA@mail.gmail.com> <D9374419-5EFE-455D-B348-F2698001BDF6@vpnc.org> <CAKhHsXHvme7-26MFHwsdvR-osqhy4L1dk6gZve9YR5jPduNi1A@mail.gmail.com> <52EFD1E4.6020200@fifthhorseman.net> <CAKhHsXGHdC9-3hM4JuXnt=TQfY9YVbUX_fnTBPz=te05dNrfCw@mail.gmail.com> <C32D6057-55E5-4825-93ED-F54556DE1CD0@vpnc.org>
Date: Tue, 04 Feb 2014 09:02:34 -0600
Message-ID: <CAKhHsXE77Nu6Z_P5W3JwW==_cOU5ey_ShBpVf8+hMwa8Bys4WA@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="047d7b339be72c107c04f195ee8f"
Cc: uta@ietf.org
Subject: Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2014 15:02:38 -0000
Paul, Thanks for the reply. See below for a few comments. Also, I wanted to say that I really like this approach of using a short draft that tries to define a term and says what it is and what it isn't.. - Alan - On Mon, Feb 3, 2014 at 3:34 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > On Feb 3, 2014, at 11:19 AM, Alan Johnston <alan.b.johnston@gmail.com> > wrote: > > > I think this is the opportunisticky property that we need a good working > definition. However, in the next paragraph, sentences such as this, don't > help: > > > > When an application that supports opportunistic encryption negotiates > > TLS, that application might or might not authenticate the TLS server. > > > > > > That is true, but it is irrelevant to the definition. > > Unfortunately not, because authentication is inherently part of TLS, so we > have to call out what in TLS we are doing differently. > > > An opportunistic encryption system might also use PFS, do logging, cache > keys, or any number of other things. > > All those are optional; authentication of the server by the client is not. > Help me understand. You are saying authentication of the server by the client in TLS is not optional. I suspect you mean that the client must try to authenticate the server. If this authentication fails, this doesn't automatically mean TLS will close the connection, right? Or, when, for example, a browser pops up a error message which can allow a user to click yes, is this treated by TLS as a successful authentication? I guess what I'm saying is that from a non-TLS expert's perspective, it appears that authentication is optional by TLS, at least the way it is used with web browsers. > > > We need separate definitions for each of these, and not conflate them > together. Otherwise, we can't make any sensible recommendations about > opportunistic approaches, especially when different people conflate > different things and use the same word. > > I'm definitely open to wording suggestions. > I guess this is the problem of trying to define opportunistic for a single protocol, rather than trying to define the term generically and then apply it to a given protocol. For example, it is possible that TLS can only support opportunistic encryption with PKI authentication, but this doesn't mean that we should change what we mean by opportunistic encryption to fit the particulars of how TLS is designed. On the other hand, if the word opportunistic has too much baggage, then maybe we just need to treat it as a generic feature name which mean different things in different contexts. In this case, we would need a new term for the concept that you describe in the first sentence of your definition, IMO. > > --Paul Hoffman
- [Uta] Proposed definition of opportunistic encryp… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Olle E. Johansson
- Re: [Uta] Proposed definition of opportunistic en… Stephen Farrell
- Re: [Uta] Proposed definition of opportunistic en… Alan Johnston
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Alan Johnston
- Re: [Uta] Proposed definition of opportunistic en… Daniel Kahn Gillmor
- Re: [Uta] Proposed definition of opportunistic en… Leif Johansson
- Re: [Uta] Proposed definition of opportunistic en… Daniel Kahn Gillmor
- Re: [Uta] Proposed definition of opportunistic en… Alan Johnston
- Re: [Uta] Proposed definition of opportunistic en… Daniel Kahn Gillmor
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Daniel Kahn Gillmor
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman
- Re: [Uta] Proposed definition of opportunistic en… Stephen Farrell
- Re: [Uta] Proposed definition of opportunistic en… Alan Johnston
- Re: [Uta] Proposed definition of opportunistic en… Paul Hoffman