Re: [Uta] Opportunistic TLS and draft-ietf-uta-tls-bcp-04

Pete Resnick <presnick@qti.qualcomm.com> Thu, 09 October 2014 21:34 UTC

Message-ID: <5436FF35.3090907@qti.qualcomm.com>
Date: Thu, 09 Oct 2014 16:33:41 -0500
From: Pete Resnick <presnick@qti.qualcomm.com>
To: "Orit Levin (LCA)" <oritl@microsoft.com>
References: <4FBFECBC-1492-441B-B703-E6E49924EF14@ieca.com> <20141003134257.GW13254@mournblade.imrryr.org> <54319B57.3010204@gmail.com> <522601C0-AD2C-4CBD-A5F1-92F356864471@isode.com> <f26213bf465945b7a912993b83420332@BL2PR03MB290.namprd03.prod.outlook.com> <020101cfe2d9$294e1f40$4001a8c0@gateway.2wire.net> <20141009030704.GL13254@mournblade.imrryr.org> <016201cfe3a1$15ee1cc0$4001a8c0@gateway.2wire.net> <83c93b3b23e041a292616f130622c91b@BL2PR03MB290.namprd03.prod.outlook.com>
In-Reply-To: <83c93b3b23e041a292616f130622c91b@BL2PR03MB290.namprd03.prod.outlook.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/P-CP3LkjZ81uMZ1jF230oJctdsU
Cc: "uta@ietf.org" <uta@ietf.org>, "t.p." <daedulus@btconnect.com>
Subject: Re: [Uta] Opportunistic TLS and draft-ietf-uta-tls-bcp-04
List-Id: UTA working group mailing list <uta.ietf.org>

On 10/9/14 3:40 PM, Orit Levin (LCA) wrote:
>> Orit said
>> "We have the "Opportunistic TLS" topic as one of the UTA potential
>> deliverables, so we welcome the interested parties to write a separate
>> draft on the subject ..... "
>>
> On Jan 17, the charter was mapped to a list of proposed deliverables. Please, see the WG archive for the corresponding thread. One of the identified deliverables is:
> 4. A document discussing (and potentially defining) how to apply the opportunistic encryption approach (preliminarily outlined in draft-farrelll-mpls-opportunistic-encrypt-00.txt) to TLS. (Category TBD)
>
>> Well, no.  The charter does not mention opportunistic, so again, we lack
>> a definition, or at least a link between whichever part of the charter
>> people have in mind and the term "Opportunistic TLS".
>>
> That's probably a statement for the ADs to address... Pete, could you, please, chime in and clarify (again) what the intention of the Charter language is and how it corresponds to the "Opportunistic ..." concept?
>
> From the UTA Charter:
> "- Consider, and possibly define, a standard way for an application client and server to use unauthenticated encryption through TLS when server and/or client authentication cannot be achieved."
>

Orit has it exactly correct: What people are now referring to as 
"opportunistic TLS" is what the charter refers to as "unauthenticated 
encryption through TLS". That was the IESG's intention when the charter 
was approved.

It is up to the WG whether this document will additionally discuss the 
issue of doing authentication in an opportunistic manner.

I think references to the Opportunistic Security draft are perfectly 
reasonable.

(And just to be clear: One of the primary reasons that the term 
"opportunistic encryption" was not chosen for the title of the O-S 
document is because the term "opportunistic encryption" was already used 
by RFC 4322 in an incompatible way. Claims that it is "yet to be 
defined" are simply mistaken.)

pr

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478