Re: [Uta] opportunistic keying / encryption considered of dubious value

t.p. <daedulus@btconnect.com> Tue, 25 March 2014 09:50 UTC

Message-ID: <00e601cf480e$c720eec0$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Watson Ladd <watsonbladd@gmail.com>, Trevor Perrin <trevp@trevp.net>
References: <53249D4E.2080104@network-heretics.com> <5324ECFC.2050004@akr.io> <53256D07.7020005@network-heretics.com> <5325AEB2.9070804@mnt.se> <5325B3E7.3060508@network-heretics.com> <5326271D.40107@eff.org> <532660F5.908@cs.tcd.ie> <CAGZ8ZG0LDrHNo2W-Ho2OssPTYNjoaiRCZ3u4rcvWXhj=vG+3cQ@mail.gmail.com> <532D9B4B.8040106@cs.tcd.ie> <CAGZ8ZG1MKuXbM+AuUt4y0jRVEw4a2o7Mcf_11J=FFR3aOPt1ow@mail.gmail.com> <CACsn0c=DzmuLBX1X5RwKRxv_r4ihPj2M5vgxUKabSf_gyMYOuQ@mail.gmail.com>
Date: Tue, 25 Mar 2014 09:37:47 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/yD32P915auih2xKFpbqxptFWNK4
Cc: uta@ietf.org
Subject: Re: [Uta] opportunistic keying / encryption considered of dubious value

----- Original Message -----
From: "Watson Ladd" <watsonbladd@gmail.com>
To: "Trevor Perrin" <trevp@trevp.net>
Cc: <uta@ietf.org>; "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Sent: Saturday, March 22, 2014 9:25 PM
> On Sat, Mar 22, 2014 at 1:00 PM, Trevor Perrin <trevp@trevp.net> wrote:
> > On Sat, Mar 22, 2014 at 7:16 AM, Stephen Farrell
> > <stephen.farrell@cs.tcd.ie> wrote:
> >.
> >
> > You mean the browser devs who support the world's main TLS libraries
> > and TLS applications, understand the HTTPS ecosystem better than
> > anyone, and are the implementors (and thus gatekeepers) for any
> > changes?
>
> Personally I have never understood why connecting to a site with a bad
> certificate shows me a warning, while visiting a site over HTTP does
> not.

In a similar vein, but perhaps at a slight tangent, I have never
understood why every browser I have installed has CRL checking turned
off.  Or perhaps I do, since when I turn it on, I find that there are
those on IETF lists who send e-mails which invoke CRLs over 1Mbyte in
size which take 30s to download every time I want to view their e-mail
(round trips, not bandwidth, being the problem).

So do we continue to recommend that CRL checking is turned off and so
open certificates to another attack vector?

Tom Petch

> It should simply not indicate security. Perhaps an exemption should be
> made for some websites which have known good certificates but then the
> UI should never permit bypassing checks. Current behavior amounts to
> limiting the use of alternatives to the current PKI, without actually
> providing a gain in security. Browser vendors are working on DANE,
> TACK, and CT, which I think are much more promising for encrypting
> everything if we can reduce the administrative load involved.
>
> Sincerely,
> Watson Ladd
> >
> > We should be encouraging more of their participation and viewpoints.
> >
> > It's frustrating when they don't race to support your great new idea.
> > I've been there.  But working to "beat up" and alienate them is not
> > the solution.
> >
> >
> > Trevor
> >
> > _______________________________________________
> > Uta mailing list
> > Uta@ietf.org
> > https://www.ietf.org/mailman/listinfo/uta
>
>
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither  Liberty nor Safety."
> -- Benjamin Franklin