On 8/2/2014 7:59 AM, Stephen Farrell wrote:
> I'm not clear on why this thread isn't relitigating the
> chartering discussion. Can someone explain that?

From the charter:
---
The goal of this WG is to provide an additional security tool that
complements existing protocols at other layers in the stack. The WG will
be looking for the designs that find the right tradeoff spot between
conflicting requirements
---
Fortunately, the charter has several such conflicting requirements.
1) pervasive monitoring vs. unauthenticated mechanisms
- seeks to use unauthenticated encryption
- seeks to protect against pervasive monitoring
Pervasive monitoring concerns are driven by on-path monitoring and
traffic metadata. Unauthenticated security protects against off-path
attacks and broadcast channel monitoring, and does nothing to address
pervasive monitoring.
2) confusing implementation with protocol layer:
Providing unauthenticated encryption and integrity protection at
the TCP layer will provide a set of features that cannot be achieved
with existing tools...
vs.
encryption and integrity protection without modifications to the
upper layers (no API changes)
BITW can achieve the same protection as BITS.
----
We can either discuss these issues or continue to ignore them.
Joe