On 24 September 2013 09:36, Stephen Farrell <[email protected]> wrote:
>
> Hi Ben, Mark,
>
> On 09/17/2013 05:15 PM, Ben Laurie wrote:
>> On 17 September 2013 13:17, Mark Handley <[email protected]> wrote:
>>>
>>> On Tue, Sep 17, 2013, at 04:40 AM, Scott Brim wrote:
>>>
>>> With the entire web moving to UDP and QUIC, tcpcrypt isn't nearly so
>>> interesting.
>>>
>>> QUIC is pretty interesting as a protocol and does a lot of things that TCP
>>> should have evolved to do. From a security point of view, if I understand
>>> the design documents correctly, it's really a drop-in replacement for
>>> TLS/TCP. Thus it seems to suffer from the same issues TLS does - not
>>> enabled sufficiently frequently (you can argue about why, but we've been
>>> doing that for a very long time), and dependence on the CA infrastructure.
>>> Thus it seems likely to be mostly deployed in places that already do TLS.
>>>
>>> QUIC could, of course, take the same approach as tcpcrypt. Do encryption by
>>> default using ephemeral public keys, even with no configuration, but provide
>>> the hooks to enable various forms of authentication. From what I've read,
>>> it doesn't seem to do that. Please correct me if I misunderstood though.
>>
>> You are right, but there's no reason not to extend QUIC to do
>> ephemeral encryption. That wasn't the use case we were thinking about
>> when we designed it.
>>
>> Seems like a useful thing for the IETF to consider.
>
> So does someone have some concrete next steps in this master
> plan? (Which sounds interesting to me at least.)
>
> Maybe make a proposal to the tcpm wg to adopt tcpcrypt,
> examine tcpcrypt as an approach for mptcp and then start
> on a QUIC-with-similar-crypto or something?
>
> If it's too early for that last step, is someone gonna
> propose one or both of the others?

We're certainly interested in bringing QUIC to the IETF. Extending it
for ephemeral sounds like a useful thing to me.

>
> Or something else?
>
> This being the IETF, someone needs to push it along or
> nothing will happen.
>
> Cheers,
> S.
>
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
