Michael Thomas wrote on 08/06/2020 17:59:
> On 6/8/20 2:09 AM, Nick Hilliard wrote:
>> in their current incarnations, transport mode ipsec and tcp-ao aren't
>> deployable at scale in the same way that tls is.
> why would you say that? what layer the crypto is performed at seems sort of
> irrelevant: rsa, aes and sha don't care who calls them. i assume that
> you can hack ipsec to emulate clients not having certs. what's left?

Usability? How about you put someone's granny in front of a computer
and give her the simple task of transferring some data over tls, or
tcp-ao, or ipsec. Any data would do, e.g. an http GET, or a one-line
message to her grand-daughter to say happy birthday.

>> Regarding transport layer integrity, there are distant echoes of the
>> old circuit-switched vs packet-switched arguments going on here.
>> tcp/ip made circuit switching redundant by loosening its assumptions
>> about transport layer reliability. I wonder whether we are now seeing
>> something similar with TLS, which no longer depends on either
>> underlying transport or ip header integrity by pushing data stream
>> integrity management higher up the stack.
> Quic seems to have done the opposite by moving it down. But do I trust
> higher levels to deal with congestion avoidance correctly? Not at all.
> That's a tragedy of the commons waiting to melt down.

The other aspect of these distant echoes relates to how previous
incumbencies gave pretty serious push-back due to their concerns about
people not paying enough attention to lower-layer considerations.

Nick