Rich,

Well, I didn't write this to merely get things off my chest. I have been active in the IETF for over 25 years, and this is the first time I have seen an attack pass IETF LC.

Regarding using 5-tuples, random dynamic + 443 port numbers are mostly useless, and server IP address does not provide granular application classification. I don't really care if the server belongs to Google since the same IP address can be used for about 20 different applications with wildly diverging forwarding policy requirements. Gmail can be delayed for seconds, search has intermediate delay but low data-rate, Youtube DASH has critical delay issues at startup and then none afterwards, but high bandwidth, etc. And a large percentage of the traffic may be on an operator CDN, so that different OTTs share IP addresses.

And that covers only the traffic management issue I raised. Regarding the more serious malware detection issue, I assume that you expect me to rely on the RFC 3514 marking in the IP header?

Y(J)S

From: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>
Sent: Wednesday, July 2, 2025 6:28 PM
To: Yaakov Stein <yst...@allot.com>; <tls@ietf.org> <tls@ietf.org>
Subject: [EXTERNAL] Re: New Version Notification for draft-stein-tls-ech-considered-harmful-00.txt

I appreciate that sometimes it's just good to get something off your chest.

Why doesn't TCP-level filtering and control work? Nobody's hiding the five-tuple.
TLS mailing list -- tls@ietf.org
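Added example, not part of this thread or of the draft under discussion: a small Python script that shows what a passive on-path classifier can actually read from a TLS ClientHello, and why the 5-tuple alone does not separate applications behind a shared address. It builds three constructed ClientHello records (placeholder random, one cipher suite, only the extensions matter) to the same documentation address 203.0.113.10:443: two with cleartext SNI and one carrying an encrypted_client_hello extension (code point 0xfe0d as used by draft-ietf-tls-esni, payload treated as opaque here). The hostnames, the flow table and the policy-key format are assumptions made for the example.

```python
import struct
from typing import List, Optional

# Extension code points: server_name (RFC 6066) and encrypted_client_hello
# (0xfe0d, the code point used by draft-ietf-tls-esni).
SNI_EXT = 0x0000
ECH_EXT = 0xFE0D


def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Construct a minimal TLS 1.3 ClientHello record with a server_name
    extension and, optionally, an opaque encrypted_client_hello extension.
    Handshake fields are placeholders; only the extension layout matters."""
    name = sni.encode("ascii")
    # ServerNameList: 2-byte list length, entry = type(0=host_name) + 2-byte len + name
    sni_body = struct.pack("!H", len(name) + 3) + b"\x00" + struct.pack("!H", len(name)) + name
    exts = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    if ech_payload is not None:
        exts += struct.pack("!HH", ECH_EXT, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03"            # legacy_version TLS 1.2
        + b"\x00" * 32         # random (placeholder)
        + b"\x00"              # legacy_session_id: empty
        + b"\x00\x02\x13\x01"  # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # legacy_compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return what a passive classifier can read: the cleartext SNI (if any)
    and whether an ECH extension is present. With ECH the visible SNI is the
    client-facing server's public_name, not the backend the client wants."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                  # header, legacy_version, random
    p += 1 + hs[p]                                  # legacy_session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]    # cipher_suites
    p += 1 + hs[p]                                  # legacy_compression_methods
    seen = {"sni": None, "ech": False}
    if p + 2 > len(hs):
        return seen                                 # no extensions block at all
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        edata = hs[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == SNI_EXT:
            q = 2                                   # skip ServerNameList length
            while q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                if ntype == 0:                      # host_name
                    seen["sni"] = edata[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        elif etype == ECH_EXT:
            seen["ech"] = True
    return seen


def classify(flow: dict, record: bytes) -> str:
    """Toy policy key: the most specific identifier the classifier can see."""
    seen = parse_client_hello(record)
    if seen["ech"]:
        return f"ech-outer:{seen['sni']}"   # public_name only; inner name is hidden
    if seen["sni"]:
        return f"sni:{seen['sni']}"
    return f"5tuple:{flow['dst_ip']}:{flow['dst_port']}"


# Constructed flows: three clients hitting the same shared server address
# (203.0.113.10 is a documentation address, not a real service).
SHARED = {"dst_ip": "203.0.113.10", "dst_port": 443}
FLOWS = [
    (SHARED, build_client_hello("mail.example.net")),
    (SHARED, build_client_hello("video.example.net")),
    (SHARED, build_client_hello("public.example.net", ech_payload=b"\x00" * 16)),
]


def policy_keys() -> List[str]:
    return [classify(flow, rec) for flow, rec in FLOWS]


if __name__ == "__main__":
    for key in policy_keys():
        print(key)
```

All three flows share one destination IP and port, so a 5-tuple rule cannot assign them different forwarding policies; the two cleartext hellos can be told apart by SNI, while the ECH hello only exposes the outer public_name, which is the same for every backend behind that client-facing server.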