Re: [dns-privacy] More WGLC reviews for TLS Profiles draft?
Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 13 December 2016 15:45 UTC
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52BE9129B46 for <dns-privacy@ietfa.amsl.com>; Tue, 13 Dec 2016 07:45:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.796
X-Spam-Level:
X-Spam-Status: No, score=-9.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-2.896] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZK02dJFZX2ah for <dns-privacy@ietfa.amsl.com>; Tue, 13 Dec 2016 07:45:32 -0800 (PST)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4F6E129B56 for <dns-privacy@ietf.org>; Tue, 13 Dec 2016 07:45:31 -0800 (PST)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 55D812801C0; Tue, 13 Dec 2016 16:45:30 +0100 (CET)
Received: from relay2.nic.fr (relay2.nic.fr [192.134.4.163]) by mx4.nic.fr (Postfix) with ESMTP id 501EC28010E; Tue, 13 Dec 2016 16:45:30 +0100 (CET)
Received: from b12.nic.fr (unknown [192.134.7.106]) by relay2.nic.fr (Postfix) with ESMTP id 4E2F6B38003; Tue, 13 Dec 2016 16:45:00 +0100 (CET)
Received: by b12.nic.fr (Postfix, from userid 1000) id 47DDC3FC09; Tue, 13 Dec 2016 16:45:00 +0100 (CET)
Date: Tue, 13 Dec 2016 16:45:00 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Sara Dickinson <sara@sinodun.com>
Message-ID: <20161213154500.jiixuasis6ixuhh4@nic.fr>
References: <6cdc7899-f0f4-e735-a844-1a40bf1314fb@gmail.com> <EF0487AF-5D73-417F-A4C3-F3D42CCA3E05@sinodun.com> <20161210085205.GA6532@laperouse.bortzmeyer.org> <73C3176A-9A02-4CD4-9632-E8DE690AD961@sinodun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <73C3176A-9A02-4CD4-9632-E8DE690AD961@sinodun.com>
X-Operating-System: Debian GNU/Linux stretch/sid
X-Kernel: Linux 4.7.0-1-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: NeoMutt/20161126 (1.7.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/DxsMgZUi2_mmguY5_Wz6UB5LBFA>
Cc: dns-privacy@ietf.org, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [dns-privacy] More WGLC reviews for TLS Profiles draft?
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2016 15:45:34 -0000
On Tue, Dec 13, 2016 at 03:22:50PM +0000, Sara Dickinson <sara@sinodun.com> wrote a message of 51 lines which said: > > I'm still a bit concerned about the issue of detection (that there > > is an attack). Detection for passive attacks is only possible if > > there is a prior history, unlike the detection for active attacks, ... > I was trying to indicate that simply using clear text is essentially > the same as an attack because the traffic _can_ be subject to > passive eavesdropping. OK (a bit far-fetched but OK). > Would it help to replace the “N, D” labels in the table with just > “N” and update the text to say “N == no protection, may be subject > to attack” IMHO, no, since, in some cases, there is really the possibility of a detection, for instance if a server was doing encryption before and now refuses, you may suspect an attack (or a downgrade of the server...)
- [dns-privacy] Thanks for input on padding-profile… Tim Wicinski
- [dns-privacy] More WGLC reviews for TLS Profiles … Sara Dickinson
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Christian Huitema
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Stephane Bortzmeyer
- Re: [dns-privacy] More WGLC reviews for TLS Profi… John R Levine
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Stephane Bortzmeyer
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Sara Dickinson
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Sara Dickinson
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Sara Dickinson
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Stephane Bortzmeyer
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Warren Kumari
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Sara Dickinson
- Re: [dns-privacy] More WGLC reviews for TLS Profi… Warren Kumari